Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a dashboard that tracks 1 or 2 log feeds?

ngwodo
Path Finder
‎09-17-2020 11:43 AM

you are to create a dashboard that tracks log feeds

​so I imagine it would look like a table and have things like

log feed  |  last seen and it would be colored based on some threshhold (last seen 24 hours red, last seen 10 mins green). It will include:

    1. color for categorizing critical levels
    2. email alerting
    3. can start with small features
Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-22-2020 06:44 AM

Yes - the minutesago calculation allows the colours to be set appropriately

View solution in original post

Reply
Solved! Jump to solution

ngwodo
Path Finder
‎09-21-2020 11:48 AM

I set the color using the single value 42 but the color did not work. Please what is the screenshot or configurations on how I can set the color for threshold of 24 hours with color "Red" and the threshold of 10 minutes with the color "Green" ?

0 Karma
Reply
Solved! Jump to solution

ngwodo
Path Finder
‎09-21-2020 05:49 AM

Thanks. Is the set color from your previous reply  only for 24 hours threshold or for both 24 hours and 10 minutes? Please let me know. I set the color as you stated but did not see the color change. Please advise.

0 Karma
Reply
Solved! Jump to solution

ngwodo
Path Finder
‎09-20-2020 06:46 PM
Spoiler
Please why do you have earliest=-48h instead of 24h for the threshold?  We only have 2 threshold to deal with. The threshold is 24 hours for red  for the first log feed and last 10 minutes for green for the second log feed. So we are looking at 2 different splunk queries to accomplish this threshold. Please assist.
0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-21-2020 12:06 AM

If you limit your query to -24h, then you will get no results if the last time the log was written to is more than 24 hour ago. The -48h was at least giving you a chance at finding if the log was last written to between 48 and 24 hours ago and showing that in red. You could make it -7d or whatever timespan you want to go back looking for when the log was last written to.

0 Karma
Reply
Solved! Jump to solution

ngwodo
Path Finder
‎09-21-2020 04:55 PM

Thanks. The set colors from visualization single value 42 are not working for -24h and -10 mins. I need your help.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-20-2020 01:31 AM

No I don't think it does what I think you want. What if you the latest entries in the index is over 24 hours? You are only going to get entries by host if the latest entry for that host is between 24 hours and 5 minutes ago.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...