- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: How to add checkmark without using CSS or JS i...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
I am using below query:
<row>
<panel>
<table>
<search>
<query>index="abc*" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval keyword=if(searchmatch("ReadFileImpl - ebnc event balanced successfully"),"True","")| eval phrase="ReadFileImpl - ebnc event balanced successfully"|table phrase keyword</query>
<earliest>-1d@d</earliest>
<latest>@d</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">true</option>
<option name="wrap">true</option>
<format type="color" field="keyword">
<colorPalette type="list">[#118832,#1182F3,#CBA700,#D94E17,#D41F1F]</colorPalette>
<scale type="threshold">0,30,70,100</scale>
</format>
</table>
</panel>
</row>
I want along with true and phrase one checkmark should also come in another column. Can someone guide me.
Phrase keyword
| ReadFileImpl - ebnc event balanced successfully | True | ReadFileImpl - ebnc event balanced successfully | True |
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aditsss,
you have to put the checkmark replacing True not the following double quotes:
index="abc*" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval keyword=if(searchmatch("ReadFileImpl - ebnc event balanced successfully"),"✔","")
| eval phrase="ReadFileImpl - ebnc event balanced successfully"
| table phrase keywordProbably it isn't correctly visualized in this page.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aditsss,
the easiest approach I hint is to use JS and CSS following the instructions in the Splunk Dashboard Examples app (https://splunkbase.splunk.com/app/1603).
Otherwise, you could find on internet a site to find some special images (e.g. https://fsymbols.com/) to copy some symbols to use as usual chars, the visualization of the Splunk code isn't so good (because it's a little bit moved), but the resul is really near to your requirement.
ten you can use them in your search:
<row>
<panel>
<table>
<search>
<query>
index="abc*" sourcetype =600000304_gg_abs_ipc2
source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-
raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval keyword=if(searchmatch("ReadFileImpl - ebnc event
balanced successfully"),"✅","")
| eval phrase="ReadFileImpl - ebnc event balanced successfully"
| table phrase keyword
</query>
<earliest>-1d@d</earliest>
<latest>@d</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">true</option>
<option name="wrap">true</option>
<format type="color" field="keyword">
<colorPalette type="list">[#118832,#1182F3,#CBA700,#D94E17,#D41F1F]
</colorPalette>
<scale type="threshold">0,30,70,100</scale>
</format>
</table>
</panel>
</row>Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried this but not coming. Still in table its phrase and keyword only coming.
index="abc*" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval keyword=if(searchmatch("ReadFileImpl - ebnc event balanced successfully"),"True","✔")| eval phrase="ReadFileImpl - ebnc event balanced successfully"|table phrase keyword
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aditsss,
you have to put the checkmark replacing True not the following double quotes:
index="abc*" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval keyword=if(searchmatch("ReadFileImpl - ebnc event balanced successfully"),"✔","")
| eval phrase="ReadFileImpl - ebnc event balanced successfully"
| table phrase keywordProbably it isn't correctly visualized in this page.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aditsss,
good for you, see next time!
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated 😉
New Case Study Shows the Value of Partnering with Splunk Academic Alliance
How to Monitor Google Kubernetes Engine (GKE)
Index This | How can you make 45 using only 4?
