Dashboards & Visualizations

How to apply icon in foreach command

mah
Builder

Hi, 

I am stuck on the end of a search with the foreach command. 

Here is my command :

| stats count as count by _time Id statut
| xyseries Id statut count
| fillnull
| foreach count
[ eval <<FIELD>>=case(isnum(<<FIELD>>) AND <<FIELD>>=0,"",isnum(<<FIELD>>) AND <<FIELD>>>=1,"✔️",true(),<<FIELD>>)]

it gives me a table with 0 and 1 values but it does not display the icon I put in the foreach command :

mah_0-1632149650800.png

 

Can you help me to troubleshoot please ?

0 Karma

ashvinpandey
Contributor

@mah Try using below query at the end for all your fields after changing the field name:

| eval <<field_name>>=if(<<field_name>>=0,"❌","✔️")

Also, If this reply helps you, an upvote would be appreciated.

0 Karma

mah
Builder

@ashvinpandey nothing happened. I tried also to replace the foreach command by an eval like you but no effect.

0 Karma

mah
Builder

@ashvinpandey I tried your eval at the end like this :

| stats count as count by _time Id statut
| xyseries Id statut count
| fillnull
| foreach count
    [ eval <<FIELD>>=case(isnum(<<FIELD>>) AND <<FIELD>>=0,"❌",isnum(<<FIELD>>) AND <<FIELD>>>=1,"✔️",true(),<<FIELD>>)]

| eval count=if(count=0,"","")

 

But nothing happened ...

I am still getting 1 and 0 values instead of icons.

Tags (1)
0 Karma

ashvinpandey
Contributor

@mah instead of count in the eval use the exact field name like you showed in the image 3 fields blurred in image *request, *user, update* all 3 fields in three different eval

0 Karma

mah
Builder

@ashvinpandey I tried your solution with adding an eval at the end of the request (and changing the field_name by the 3 of mine) but nothing happened. 

Did you tried to simulate the request by your side ? 

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk Observability Cloud – June 2025

What’s New in Splunk Observability Cloud – June 2025 We are excited to announce the latest enhancements to ...

Almost Too Eventful Assurance: Part 2

Work While You SleepBefore you can rely on any autonomous remediation measures, you need to close the loop ...

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

 Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research Team (STRT) and ...