Dashboards & Visualizations

Radio button with focus on specific servers (End of Life)

swengroeneveld
Explorer

Good morning to you all and happy Thursday!

I have a set of data called server_os which contains CentOS 5, CentOS 6 and CentOS 7.

As CentOS 5 is end of life and so will be centos 6 soon, I want to create a radio button for my analyst that once they click on "EOL" as shown here; it shows specific data for those 2 (or more) servers in the below graphs, tables etc.

swengroeneveld_0-1603974760032.png

Windows was easy because “server_os”=win 2008

What is the best way to get around this?

I’ve tried:

 

index=u* server_os=* 
| eval EOL=case(match(server_os,"(?i)CentOS 4/5 or later \(64-bit\)"),1 ,match(server_os,"(?i)CentOS 6 \(64-bit\)"),1)
| search EOL=1 
| dedup host, server_os 
| rename server_os AS EOL
| table EOL

 

Just getting stuck so any ideas are welcome.

Note for Windows this worked:

swengroeneveld_1-1603974934020.png

Static does not seem to accept multiple values and adding another EOL underneath.
Note II that I adjusted the value nicer as this was a test. 

Thanks!

Labels (1)
0 Karma
1 Solution

kennetkline
Path Finder

Simplifying a bit  a here;  versus what I have done in my environment to do basically the same thing.

My goal was to only have to edit a lookup as we find new OS variants or support changes;  no editing dashboards or search code.

Write a search that identifies all the OS's in your environment and test tabling to a table 

create an alert  (only have to update if more than 1 result)

 

 

| inputlookup   os_supported_lookup.csv
| append [  search  index=u* server_os=* 
	| stats count by server_os
	| rename server_os as os
	| table os ]
| stats values(supported) as supported by os
| eval supported=if(supported>0, 1, 0)
| table os, supported
| outputlookup os_supported_lookup.csv

 

 



I then use the lookup editor to edit manage update OS's as they end support.   Also any new os's found automatically get added to the list.

Then you can setup your search filter to say all / eol what ever
ALL=*
supported=1
eol=0

setup search

 

 

index=u* server_os=* 
| lookup os OUTPUT supported
| where support=$supported$  

 

 




View solution in original post

0 Karma

swengroeneveld
Explorer

Excellent and simple solution, which I could figure out as well. But I didn't! Thanks @kennetkline 

0 Karma

kennetkline
Path Finder

Simplifying a bit  a here;  versus what I have done in my environment to do basically the same thing.

My goal was to only have to edit a lookup as we find new OS variants or support changes;  no editing dashboards or search code.

Write a search that identifies all the OS's in your environment and test tabling to a table 

create an alert  (only have to update if more than 1 result)

 

 

| inputlookup   os_supported_lookup.csv
| append [  search  index=u* server_os=* 
	| stats count by server_os
	| rename server_os as os
	| table os ]
| stats values(supported) as supported by os
| eval supported=if(supported>0, 1, 0)
| table os, supported
| outputlookup os_supported_lookup.csv

 

 



I then use the lookup editor to edit manage update OS's as they end support.   Also any new os's found automatically get added to the list.

Then you can setup your search filter to say all / eol what ever
ALL=*
supported=1
eol=0

setup search

 

 

index=u* server_os=* 
| lookup os OUTPUT supported
| where support=$supported$  

 

 




0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...