Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: How to edit my dashboard XML to get a single v...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunker1981
Path Finder
07-07-2016
09:59 AM
Hello Splunkers,
Hoping someone can help or point me in the right direction. I am trying to color code my single value string based on value ranges they fall under. Here is my XML. What I am trying to do is make the string RUNNING green and DOWN red. What am I missing here? I'm on version 6.4. Thanks for all the help in advance.
<query>|stats count| fields - count | eval diff=2000| eval status=case(diff<=1500, "RUNNING", diff >1501, "DOWN") |rangemap field=status low=0-1500 severe=1501-9999</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="classField">range</option>
<option name="field">status</option>
<option name="drilldown">none</option>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0x65a637","0x555555"]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<option name="linkView">search</option>
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
07-07-2016
11:19 AM
Try this search
|stats count| fields - count | eval diff=2000| eval status=case(diff<=1500, "RUNNING", diff >1501, "DOWN") |rangemap field=diff low=0-1500 severe=1501-9999 |table status range
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
07-07-2016
11:19 AM
Try this search
|stats count| fields - count | eval diff=2000| eval status=case(diff<=1500, "RUNNING", diff >1501, "DOWN") |rangemap field=diff low=0-1500 severe=1501-9999 |table status range
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunker1981
Path Finder
07-07-2016
11:56 AM
Arggg, so the field has to be the value and then a table command is needed. Thanks for the help, somesoni2 this got things working.
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
