Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to change the threshold of either the radial gauge or the rangemap command?

tmarlette
Motivator
‎02-09-2015 02:07 PM

I am using a rangemap function for iis data. I am counting the amount of succesful 'hits' in a log (status=2*) and I'm attempting to map the results to a radial gauge however splunk is truncating the results at 1000. I have 70000+ hits every 60 minutes, so i'm wondering how to change the threshold of either the radial gauge or the rangemap command:

This is my query:

index=my_index sourcetype="iis" sc_status=2* |lookup status_codes.csv status AS sc_status | rangemap field=count low=0-19999 guard=20000-39999 elevated=40000-69999 high=70000-99999 severe=100000-200000 default=severe

is there a way to adjust the rangemap to accept these thresholds?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎02-09-2015 02:28 PM

Regardless of using rangemap, you can use gauge pretty easily here:

... | gauge count 0 20000 40000 70000 100000 200000

The first value is the starting value, the last one is the ending value. The values in the middle will automatically become the splitting points. The default colors go from green -> green/yellow -> yellow -> orange -> red. count here would be whatever field you're displaying.

See the docs on the gauge command here.

View solution in original post

Reply
Solved! Jump to solution
Solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎02-09-2015 02:28 PM

Regardless of using rangemap, you can use gauge pretty easily here:

... | gauge count 0 20000 40000 70000 100000 200000

The first value is the starting value, the last one is the ending value. The values in the middle will automatically become the splitting points. The default colors go from green -> green/yellow -> yellow -> orange -> red. count here would be whatever field you're displaying.

See the docs on the gauge command here.

Reply
Solved! Jump to solution

rajendra_b
New Member
‎03-03-2015 06:45 AM

This is good but how do it make the numbers to gauge command dynamic instead of actual numbers. Can I use eval to get the numbers in a variable like

 .... eval y1=(Total * 0.5) | eval y2=(Total * 0.8) |eval y3=Total | gauge count 0 y1 y2 y3
0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎02-09-2015 02:27 PM

I don't see any aggregation command in your query, it means for your chart, no of records are more than 1000 causing the truncation. Try something like this

index=my_index sourcetype="iis" sc_status=2* | stats coun tby sc_status|lookup status_codes.csv status AS sc_status | rangemap field=count low=0-19999 guard=20000-39999 elevated=40000-69999 high=70000-99999 severe=100000-200000 default=severe
0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...