Dashboards & Visualizations
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Visualization Help

dvazquez1980
Explorer
‎05-29-2020 12:55 PM

I am trying to create a simple dashboard to track active site using a query like the one below. The query works and returns values but my supervisor has asked me now to add background color to the values in the dashboard. The query below basically checks to see if a service is running on a set of servers. If the service is running on server A it returns Town Name 1, if it is running on server B it returns Town Name 2. If neither is found it returns "Down". I have tried using Single Value visualization and Status Indicator Visualization but both require a numeric value to use the OTB color formatting.

How can i get the background color to change based off the text values Town1, Town2, and Down?

index=windows source=service host=servername* Name=service_name* earliest=-5m State="Running"
| eval Site=if(host="server1", "Town1", if(host="server2","Town2","Down")) | dedup Site | table Site

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dvazquez1980
Explorer
‎06-01-2020 11:29 AM

This is what i ended up doing. Using the Single Value visualization.

index=windows source=service host=servername* Name=service_name* earliest=-5m State="Running"
| eval Site=if(host="server1", "Town1", if(host="server2","Town2","Down"))
| eval range=if(Site=="Town1", "high", if(Site=="Town2","guarded","severe"))
| dedup Site

Then editing the xml as follows:

<earliest>-24h@h</earliest>
         <latest>now</latest>
         <sampleRatio>1</sampleRatio>
       </search>
       <option name="colorMode">block</option>
       <option name="field">Site</option>
       <option name="charting.fieldColors"></option>
     </single>    </panel>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

dvazquez1980
Explorer
‎06-01-2020 11:29 AM

This is what i ended up doing. Using the Single Value visualization.

index=windows source=service host=servername* Name=service_name* earliest=-5m State="Running"
| eval Site=if(host="server1", "Town1", if(host="server2","Town2","Down"))
| eval range=if(Site=="Town1", "high", if(Site=="Town2","guarded","severe"))
| dedup Site

Then editing the xml as follows:

<earliest>-24h@h</earliest>
         <latest>now</latest>
         <sampleRatio>1</sampleRatio>
       </search>
       <option name="colorMode">block</option>
       <option name="field">Site</option>
       <option name="charting.fieldColors"></option>
     </single>    </panel>
0 Karma
Reply
Solved! Jump to solution

dvazquez1980
Explorer
‎06-01-2020 06:29 AM

Thanks Rich...The problem with the table visualization is the size of the text. The single value and Status Indicator Visualizations have a aesthetic we are looking for. The dashboards are posted on tv screens and are meant to be read from a distance.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-29-2020 01:05 PM

If you use the Table visualization you can set colors based on text values. Edit the dashboard and click the pencil icon in the column to be colored. Turn on colors and select "values". Click the "Define rules" button and fill in the value and associated color. Add more rules as necessary.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top