Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a dashboard that tracks 1 or 2 log feeds?

ngwodo
Path Finder
‎09-17-2020 11:43 AM

you are to create a dashboard that tracks log feeds

​so I imagine it would look like a table and have things like

log feed  |  last seen and it would be colored based on some threshhold (last seen 24 hours red, last seen 10 mins green). It will include:

    1. color for categorizing critical levels
    2. email alerting
    3. can start with small features
Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-22-2020 06:44 AM

Yes - the minutesago calculation allows the colours to be set appropriately

View solution in original post

Reply
Solved! Jump to solution

ngwodo
Path Finder
‎09-21-2020 11:48 AM

I set the color using the single value 42 but the color did not work. Please what is the screenshot or configurations on how I can set the color for threshold of 24 hours with color "Red" and the threshold of 10 minutes with the color "Green" ?

0 Karma
Reply
Solved! Jump to solution

ngwodo
Path Finder
‎09-21-2020 05:49 AM

Thanks. Is the set color from your previous reply  only for 24 hours threshold or for both 24 hours and 10 minutes? Please let me know. I set the color as you stated but did not see the color change. Please advise.

0 Karma
Reply
Solved! Jump to solution

ngwodo
Path Finder
‎09-20-2020 06:46 PM
Spoiler
Please why do you have earliest=-48h instead of 24h for the threshold?  We only have 2 threshold to deal with. The threshold is 24 hours for red  for the first log feed and last 10 minutes for green for the second log feed. So we are looking at 2 different splunk queries to accomplish this threshold. Please assist.
0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-21-2020 12:06 AM

If you limit your query to -24h, then you will get no results if the last time the log was written to is more than 24 hour ago. The -48h was at least giving you a chance at finding if the log was last written to between 48 and 24 hours ago and showing that in red. You could make it -7d or whatever timespan you want to go back looking for when the log was last written to.

0 Karma
Reply
Solved! Jump to solution

ngwodo
Path Finder
‎09-21-2020 04:55 PM

Thanks. The set colors from visualization single value 42 are not working for -24h and -10 mins. I need your help.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-20-2020 01:31 AM

No I don't think it does what I think you want. What if you the latest entries in the index is over 24 hours? You are only going to get entries by host if the latest entry for that host is between 24 hours and 5 minutes ago.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...