Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk server status dashboard - code issue

bbraun
New Member
‎08-24-2017 04:33 PM

Hi,

I've done a lot of research and have applied many different "fixes" but none have seemed to work.

I'm trying to build a Splunk server status dashboard that shows either "OK" or "down". The two values that I'm working with are 0 and 1. 0 being OK and 1 being down.

I've tried adding rangemap (|rangemap field=Status low=0-0 severe=1-1 ) which didn't resolve my issue.

Can someone look at my code and determine what I'm doing wrong?

my version is 6.5.2

<dashboard>
  <label>SplunkHealth</label>
  <row>
    <panel>
      <title>Indexer 01</title>
      <single>
        <search>
          <query>|inputlookup all_servers.csv  | eval splunk_server=host  | join type=left   splunk_server [|rest /services/server/info]  | join type=left splunk_server [| rest /services/server/status/resource-usage/hostwide ]|fillnull value="Non-Reporting" | eval   Status=if(updated="Non-Reporting",1,0)  |rename splunk_server AS Server| search role=indexer |search Server=slpsplnkidl01 | table Status | eval Status=case(Status=0, "OK", Status=1, "DOWN")</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorBy">value</option>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0x65a637","0xd93f3c"]</option>
        <option name="rangeValues">[0,1]</option>
        <option name="field">Status</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="unitPosition">after</option>
        <option name="useColors">1</option>
        <option name="useThousandSeparators">1</option>
      </single>
    </panel>
  </row>
</dashboard>
0 Karma
Reply

DavidHourani
Super Champion
‎08-25-2017 03:03 AM

Hello bbraun,

You can do this via GUI by simply setting the color range when you click on --> Format Visualization -> color.
No need to edit this via code or anything. Your source should have the options bellow afterwards:

<panel>
  <single>
    <title>your title</title>
    <search>
      <query>your search</query>
      <earliest>$date1.earliest$</earliest>
      <latest>$date1.latest$</latest>
    </search>
    <option name="colorMode">block</option>
    <option name="rangeColors">["0x65a637","0xd93f3c"]</option>
    <option name="rangeValues">[0]</option>
    <option name="useColors">1</option>
  </single>
</panel>

Let me know how that goes for you.

Regards,
David

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-25-2017 01:27 AM

Hi bbraun,
I usually use this search to diplay server status (where Perimeter.csv is a lookup containing all the server in my perimeter to monitor):

| metasearch index=_internal earliest=-300s latest=now
| eval host=upper(host) 
| stats count by host 
| append [ 
     | inputlookup Perimeter.csv 
     | eval count=0, host=upper(host)  
     ] 
| stats sum(count) AS Total by host 
| rangemap field=Total severe=0-0 low=1-1000000000 default=severe 
| table host range

I display status in graphic mode, to do this follw indications in "Table Icon Set (Rangemap)" dashboard of "Splunk 6.x Dashboard Examples" App.

Bye.
Giuseppe

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-24-2017 05:39 PM

If colors is the issue try this:

 <option name="charting.fieldColors">{"DOWN":0xFF0000,"OK":0x00FF00}</option>

Basically saying if the value of Status is DOWN, red, if it's OK, green.

0 Karma
Reply

bbraun
New Member
‎08-24-2017 06:33 PM

When I add that line I receive the below error.

Warning on line 18: Unknown option name="charting.fieldColors" for node="single"

Should if be added to a specific line? Does any need to be removed?

0 Karma
Reply

DavidHourani
Super Champion
‎08-25-2017 02:57 AM

yes charting.fieldColors is for charts and not "single" panels.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-24-2017 05:35 PM

What's the problem?

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...