Hello,
I have the dashboard panel which gives latest time with respect to source and host,
now I want to give a color to the rows where time exceeds more than one in last 7 days. Please help me out.
index=A OR index=B | stats latest(_time) as latest_time by source,host | eval latest_time=strftime(latest_time,"%d/%m/%y %H:%M:%S:%Q") | table latest_time,source,host|sort -latest_time
When the time range is more than 24 hours the column should be in red, as mentioned below.
Thank you in advance,
Veeru.
latest_time | source | host |
01/05/22 23:19:08:898 | trace.log | y |
30/04/22 23:19:08:597 | SystemOut.log | y |
30/04/22 23:19:08:388 | SystemOut.log | x |
30/04/22 23:19:08:388 | trace.log | x |
30/04/22 23:19:05:611 | SystemOut.log | y |
30/04/22 23:19:05:611 | trace.log | x |
30/04/22 23:09:40:000 | SystemOut.log | y |
30/04/22 23:06:05:000 | SystemOut.log | x |
30/04/22 22:57:14:000 | SystemOut.log | y |
index=A OR index=B
| stats latest(_time) as latest_time by source,host
| table latest_time,source,host
| sort latest_time
| streamstats window=2 range(latest_time) as timerange
| eval colour=if(timerange>24*60*60,"red",null())
| fields -timerange
| sort -latest_time
| fieldformat latest_time=strftime(latest_time,"%d/%m/%y %H:%M:%S:%Q")
Then use colour to indicate that the row needs to be coloured - there are many answers on how to do this
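
An added example, not part of the original answer: a Python emulation of the sort / streamstats window=2 range / eval steps above, run over the rows from the question's table, to show which row the query would flag. The function names are hypothetical, and the timestamps are parsed as UTC for the arithmetic.

```python
from datetime import datetime, timezone

# Sample input: the (latest_time, source, host) rows from the question's table.
ROWS = [
    ("01/05/22 23:19:08:898", "trace.log", "y"),
    ("30/04/22 23:19:08:597", "SystemOut.log", "y"),
    ("30/04/22 23:19:08:388", "SystemOut.log", "x"),
    ("30/04/22 23:19:08:388", "trace.log", "x"),
    ("30/04/22 23:19:05:611", "SystemOut.log", "y"),
    ("30/04/22 23:19:05:611", "trace.log", "x"),
    ("30/04/22 23:09:40:000", "SystemOut.log", "y"),
    ("30/04/22 23:06:05:000", "SystemOut.log", "x"),
    ("30/04/22 22:57:14:000", "SystemOut.log", "y"),
]

THRESHOLD_MS = 24 * 60 * 60 * 1000  # the eval's 24*60*60 seconds, in milliseconds


def to_epoch_ms(text):
    """Parse the %d/%m/%y %H:%M:%S:%Q display format into integer epoch milliseconds."""
    stamp, millis = text.rsplit(":", 1)
    base = datetime.strptime(stamp, "%d/%m/%y %H:%M:%S").replace(tzinfo=timezone.utc)
    return int(base.timestamp()) * 1000 + int(millis)


def flag_rows(rows, threshold_ms=THRESHOLD_MS):
    """Return rows newest first, each with a colour of "red" or None."""
    ordered = sorted(rows, key=lambda r: to_epoch_ms(r[0]))  # | sort latest_time
    flagged = []
    previous = None
    for text, source, host in ordered:
        current = to_epoch_ms(text)
        # window=2 holds this event and the one before it; range is max - min,
        # which is 0 for the very first event because the window has one value.
        timerange = 0 if previous is None else current - previous
        colour = "red" if timerange > threshold_ms else None
        flagged.append((text, source, host, colour))
        previous = current
    return flagged[::-1]  # | sort -latest_time


if __name__ == "__main__":
    for row in flag_rows(ROWS):
        print(row)
```

The gap is measured between adjacent rows of the whole sorted result, across all source and host pairs, so a row is flagged when it arrives more than 24 hours after the row before it.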