Dashboards & Visualizations

How to change image dynamically based on Search results in HTML Panel

I want to display different images in HTML panel based on Search results i.e.
1) traffic_green.png when my base search returns 10-20 minutes
2) traffic_yellow.png when the result returned is 21-40 min and
3) traffic_red.png when the result returned is 41-60 min.

I have been able to load the images in HTML Panel using condition match for job.resultCount, however similar code with result.<fieldName> does not work.

Following block based on search result count works fine and sets icon_name to green :

      <condition match="'job.resultCount'>0">
        <set token="icon_name">green</set>
      </condition>

Using <img> attribute fully qualified src path to icon image file is set dynamically with icon_name token set in previous step:

src="/static/app/<AppName>/traffic_$icon_name$.png"

How to write conditional match based on result.<fieldname> instead of job.resultCount?

Following does not work, where fieldname is single value field returned by search:

      <condition match="'result.fieldname'>0">
        <set token="icon_name">green</set>
      </condition>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
1 Solution

I was able to solve it myself using eval event handler in conjunction with condition handler.

The condition handler was used only to set the icon to red if no results found.

The eval handler was used to set the icon to red, yellow or green based on result.<fieldname> value from the Splunk search query and feeding it to case expression. Following is the pseudo code:

<!-- To Handle no result found as display red icon-->
<condition match="'job.resultCount'==0">
     <set token="icon_name">red</set>
</condition>
<!-- Else use eval condition to set icon based on values-->
<condition>
    <eval token="icon_name"> 
           <!-- Write case expression here to set token based on query search result for example 0-20 green, 21-40 yellow and 41+ red -->
    </eval>
</condition>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

I was able to solve it myself using eval event handler in conjunction with condition handler.

The condition handler was used only to set the icon to red if no results found.

The eval handler was used to set the icon to red, yellow or green based on result.<fieldname> value from the Splunk search query and feeding it to case expression. Following is the pseudo code:

<!-- To Handle no result found as display red icon-->
<condition match="'job.resultCount'==0">
     <set token="icon_name">red</set>
</condition>
<!-- Else use eval condition to set icon based on values-->
<condition>
    <eval token="icon_name"> 
           <!-- Write case expression here to set token based on query search result for example 0-20 green, 21-40 yellow and 41+ red -->
    </eval>
</condition>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

gcusello
Legend

To do this see Dashboard Examples App - Table Icon Set (Rangemap).
You have to copy two files in your app and modify your dashboard.
Bye.
Giuseppe

0 Karma

I dont want to add icon within Table or any of Splunk Visualization like Single Value or Status Indicator.

I wanted to have dynamic icons directly in HTML Panel. I need help with result.. I am able to do the same with job.resultCount. However, I did not find any example on how to use result.field name.

You can check Set Result Setter under Dashboard Examples to see various Search Tokens have also mentioned result.fieldname.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

correction result.<fieldname>

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...