Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to add icon in Splunk Cloud?

aa0
Path Finder
‎01-12-2023 07:02 AM

Hi all,

I'm currently using Splunk Cloud and my focus is to display status icons as values based on the search results in my classic dashboard table. I found a way to display only the icon with html but at the same time im struggling to assign the icon based on the result from the search query (if result active, pass icon check-circle else default pass icon warning/error etc.). How can I achieve this ? Any tweaks from this code attached will be much appreciated!

<row>
<html>
<div>
<td class="icon-inline numeric">
<i>Range icon: </i>
<i class="icon-check-circle" style="color: green"><var>low</var></i>
<i class="icon-alert" style="color: orange">warning</i>
<i class="icon-alert-circle" style="color: red">error</i>
</td>
</div>
</html>
</row>

<row>
<panel>
<table id="t1">
<search>
<query>index=XXX host=* | eval host=upper(host)
| stats count BY host
| eval count=1, host=upper(host) | fields host count
| stats sum(count) AS total BY host|rangemap field=total low=1-10 default=severe</query>
<earliest>-30m@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>

</table>

</panel>
</row>

 

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PaulPanther
Builder
‎01-13-2023 03:51 AM

Ahh, okay. In that case you dont have to use the viz  addon . Instead splunk supports emojis that you can use in your search.

<base search>
| eval status=case(range="inactive","",range="active","")

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

PaulPanther
Builder
‎01-12-2023 07:58 AM

I would recommend to use Status Indicator - Custom Visualization | Splunkbase

One simple example to use it:

    <panel>
      <title>Status Indicator Demo</title>
      <viz type="status_indicator_app.status_indicator">
        <search>
          <query>index=_internal sourcetype=splunkd_ui_access
| rangemap field=status green=200-399 red=400-9999 default=red 
| eval icon=case(range="red","exclamation-circle",range="green","check") 
| eval color=case(range="red","#b93622",range="green","#29bd23") 
| table status icon color</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="drilldown">none</option>
        <option name="status_indicator_app.status_indicator.colorBy">field_value</option>
        <option name="status_indicator_app.status_indicator.fillTarget">background</option>
        <option name="status_indicator_app.status_indicator.fixIcon">warning</option>
        <option name="status_indicator_app.status_indicator.icon">field_value</option>
        <option name="status_indicator_app.status_indicator.precision">0</option>
        <option name="status_indicator_app.status_indicator.showOption">2</option>
        <option name="status_indicator_app.status_indicator.staticColor">#53a051</option>
        <option name="status_indicator_app.status_indicator.useColors">true</option>
        <option name="status_indicator_app.status_indicator.useThousandSeparator">true</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </viz>
    </panel>
0 Karma
Reply
Solved! Jump to solution

aa0
Path Finder
‎01-13-2023 02:26 AM

Thanks for your reply. I've give a try and the icons appear but how to make it include align with the list result?

expected result:

host     |  range             |    status          

xxx1          active       (green icon)

xxx2         inactive       (red icon)

0 Karma
Reply
Solved! Jump to solution
Solution

PaulPanther
Builder
‎01-13-2023 03:51 AM

Ahh, okay. In that case you dont have to use the viz  addon . Instead splunk supports emojis that you can use in your search.

<base search>
| eval status=case(range="inactive","",range="active","")

 

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...