Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: dashboard
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
so i have a dashboard with 4 panels and there is checkbox with 2 options of solved and unsolved , so for unsolved the colour of the panels should remain red when the count is greater than 0. which i am able to do with splunk dashboard feature itself. But for solved option every panels should be green . so how should i approach this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
<form version="1.1" script="solved3.js ,minor.js, warning.js , critical.js" theme="dark">
<label>SBC Monitoring</label>
<init>
<set token="rangeColors">"0x118832","0xd41f1f"</set>
</init>
<fieldset submitButton="false">
<input type="checkbox" token="srStatus">
<label>Status</label>
<choice value="1">solved</choice>
<choice value="0">unsolved</choice>
<prefix>(</prefix>
<suffix>)</suffix>
<valuePrefix>solved=</valuePrefix>
<delimiter> OR </delimiter>
<default>0</default>
<initialValue>1,0</initialValue>
<change>
<eval token="rangeColors">if(isnotnull(mvfind($form.srStatus$,"0")),"\"0x118832\",\"0xd41f1f\"","\"0x118832\",\"0x118832\"")</eval>
</change>
</input>
</fieldset>
<row>
<panel>
<title>MINOR EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_minor.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<set token="minor">minor</set>
<unset token="major"></unset>
<unset token="critical"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>MAJOR EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_major.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<set token="major">major</set>
<unset token="minor"></unset>
<unset token="critical"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>CRITICAL EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_critical.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
<drilldown>
<set token="critical">critical</set>
<unset token="major"></unset>
<unset token="minor"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>WARNING EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_warning.csv```
| search $srStatus$
| stats count</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
<drilldown>
<set token="warning">warning</set>
<unset token="major"></unset>
<unset token="minor"></unset>
<unset token="critical"></unset>
</drilldown>
</single>
</panel>
</row>
<row>
<panel>
<title>MINOR ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=minor
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No Minor Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>MAJOR ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=major
| stats count as Total by date</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>CRITICAL ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=critical
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No critical Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>WARNING ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=warning
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No Minor Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel depends="$minor$">
<title>Minor Events</title>
<table id="sbc_minor_table">
<search>
<query>| inputlookup sbc_minor.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$major$">
<title>Major Events</title>
<table id="sbc_alarm_table">
<search>
<query>| inputlookup sbc_major.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$critical$">
<title>Critical Events</title>
<table id="sbc_critical_table">
<search>
<query>| inputlookup sbc_critical.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$warning$">
<title>Warning Events</title>
<table id="sbc_warning_table">
<search>
<query>| inputlookup sbc_warning.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI @SN1
This largely depends on the implementation of your dashboard - Please could you share your existing dashboard code so that we can try and make this work for you.
🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ok this is the source code
<form version="1.1" script="solved3.js ,minor.js, warning.js , critical.js" theme="dark">
<label>SBC Monitoring</label>
<fieldset submitButton="false">
<input type="checkbox" token="srStatus">
<label>Status</label>
<choice value="1">solved</choice>
<choice value="0">unsolved</choice>
<prefix>(</prefix>
<suffix>)</suffix>
<valuePrefix>solved=</valuePrefix>
<delimiter> OR </delimiter>
<default>0</default>
<initialValue>1,0</initialValue>
</input>
</fieldset>
<row>
<panel>
<title>MINOR EVENTS</title>
<single>
<search>
<query>| inputlookup sbc_minor.csv
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0x118832","0xd41f1f"]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<set token="minor">minor</set>
<unset token="major"></unset>
<unset token="critical"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>MAJOR EVENTS</title>
<single>
<search>
<query>| inputlookup sbc_major.csv
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0x118832","0xd41f1f"]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<set token="major">major</set>
<unset token="minor"></unset>
<unset token="critical"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>CRITICAL EVENTS</title>
<single>
<search>
<query>| inputlookup sbc_critical.csv
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="rangeColors">["0x118832","0xd41f1f"]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
<drilldown>
<set token="critical">critical</set>
<unset token="major"></unset>
<unset token="minor"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>WARNING EVENTS</title>
<single>
<search>
<query>| inputlookup sbc_warning.csv
| search $srStatus$
| stats count</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="rangeColors">["0x118832","0xd41f1f"]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
<drilldown>
<set token="warning">warning</set>
<unset token="major"></unset>
<unset token="minor"></unset>
<unset token="critical"></unset>
</drilldown>
</single>
</panel>
</row>
<row>
<panel>
<title>MINOR ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=minor
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No Minor Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>MAJOR ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=major
| stats count as Total by date</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>CRITICAL ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=critical
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No critical Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>WARNING ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=warning
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No Minor Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel depends="$minor$">
<title>Minor Events</title>
<table id="sbc_minor_table">
<search>
<query>| inputlookup sbc_minor.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$major$">
<title>Major Events</title>
<table id="sbc_alarm_table">
<search>
<query>| inputlookup sbc_major.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$critical$">
<title>Critical Events</title>
<table id="sbc_critical_table">
<search>
<query>| inputlookup sbc_critical.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$warning$">
<title>Warning Events</title>
<table id="sbc_warning_table">
<search>
<query>| inputlookup sbc_warning.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I understood correctly, you want red and green if unsolved is checked and green and red if unsolved is not checked?
<form version="1.1" script="solved3.js ,minor.js, warning.js , critical.js" theme="dark">
<label>SBC Monitoring</label>
<init>
<set token="rangeColors">"0x118832","0xd41f1f"</set>
</init>
<fieldset submitButton="false">
<input type="checkbox" token="srStatus">
<label>Status</label>
<choice value="1">solved</choice>
<choice value="0">unsolved</choice>
<prefix>(</prefix>
<suffix>)</suffix>
<valuePrefix>solved=</valuePrefix>
<delimiter> OR </delimiter>
<default>0</default>
<initialValue>1,0</initialValue>
<change>
<eval token="rangeColors">if(isnotnull(mvfind($form.srStatus$,"0")),"\"0x118832\",\"0xd41f1f\"","\"0xd41f1f\",\"0x118832\"")</eval>
</change>
</input>
</fieldset>
<row>
<panel>
<title>MINOR EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_minor.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<set token="minor">minor</set>
<unset token="major"></unset>
<unset token="critical"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>MAJOR EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_major.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<set token="major">major</set>
<unset token="minor"></unset>
<unset token="critical"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>CRITICAL EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_critical.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
<drilldown>
<set token="critical">critical</set>
<unset token="major"></unset>
<unset token="minor"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>WARNING EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_warning.csv```
| search $srStatus$
| stats count</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
<drilldown>
<set token="warning">warning</set>
<unset token="major"></unset>
<unset token="minor"></unset>
<unset token="critical"></unset>
</drilldown>
</single>
</panel>
</row>
<row>
<panel>
<title>MINOR ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=minor
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No Minor Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>MAJOR ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=major
| stats count as Total by date</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>CRITICAL ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=critical
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No critical Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>WARNING ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=warning
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No Minor Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel depends="$minor$">
<title>Minor Events</title>
<table id="sbc_minor_table">
<search>
<query>| inputlookup sbc_minor.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$major$">
<title>Major Events</title>
<table id="sbc_alarm_table">
<search>
<query>| inputlookup sbc_major.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$critical$">
<title>Critical Events</title>
<table id="sbc_critical_table">
<search>
<query>| inputlookup sbc_critical.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$warning$">
<title>Warning Events</title>
<table id="sbc_warning_table">
<search>
<query>| inputlookup sbc_warning.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NO for unsolved it will be red if the count is 0 then only the panel color will be green . And for solved all panels should be green nothing should be red.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please clarify - if you have unsolved checked, it should be red if the count is greater than 0 but if it is 0 then the panel is green?
Since you are using checkboxes, what do you want if both boxes are checked?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ok , so if both the options are checked then it all the panels should be red , it will be green only if the count is 0 in the panel which means if the panel is showing 0.
this is same if unsolved option is only checked.
If solved is checked then all the panels color should be green . Hope I am clear this time.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
<form version="1.1" script="solved3.js ,minor.js, warning.js , critical.js" theme="dark">
<label>SBC Monitoring</label>
<init>
<set token="rangeColors">"0x118832","0xd41f1f"</set>
</init>
<fieldset submitButton="false">
<input type="checkbox" token="srStatus">
<label>Status</label>
<choice value="1">solved</choice>
<choice value="0">unsolved</choice>
<prefix>(</prefix>
<suffix>)</suffix>
<valuePrefix>solved=</valuePrefix>
<delimiter> OR </delimiter>
<default>0</default>
<initialValue>1,0</initialValue>
<change>
<eval token="rangeColors">if(isnotnull(mvfind($form.srStatus$,"0")),"\"0x118832\",\"0xd41f1f\"","\"0x118832\",\"0x118832\"")</eval>
</change>
</input>
</fieldset>
<row>
<panel>
<title>MINOR EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_minor.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<set token="minor">minor</set>
<unset token="major"></unset>
<unset token="critical"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>MAJOR EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_major.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<set token="major">major</set>
<unset token="minor"></unset>
<unset token="critical"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>CRITICAL EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_critical.csv```
| search $srStatus$
| stats count</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
<drilldown>
<set token="critical">critical</set>
<unset token="major"></unset>
<unset token="minor"></unset>
<unset token="warning"></unset>
</drilldown>
</single>
</panel>
<panel>
<title>WARNING EVENTS</title>
<single>
<search>
<query>| makeresults count=5
| eval solved=random()%2
```| inputlookup sbc_warning.csv```
| search $srStatus$
| stats count</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">all</option>
<option name="rangeColors">[$rangeColors$]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
<drilldown>
<set token="warning">warning</set>
<unset token="major"></unset>
<unset token="minor"></unset>
<unset token="critical"></unset>
</drilldown>
</single>
</panel>
</row>
<row>
<panel>
<title>MINOR ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=minor
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No Minor Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>MAJOR ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=major
| stats count as Total by date</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>CRITICAL ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=critical
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No critical Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>WARNING ALERTS HISTORY</title>
<chart>
<search>
<query>index=sbc-logs RAISE-ALARM
| dedup S
| rex field=_raw ".*Severity:(?<Severity>\D+);"
| rex field=_raw "\[Time:(?<Time>.*)]"
| rex field=Time "(?<date>.*)@"
| rex field=_raw "RAISE-ALARM:(?<Alarm_Type>\w+)"
| rex max_match=0 field=_raw ": \[(?<Region>\w+)\]"
| rex max_match=0 field=_raw "\[\w+\d\](?<message>[^;]+)"
| table Alarm_Type Region message IP Severity Time date
| search Severity=warning
| stats count as Total by date
| appendpipe
[ stats count
| eval Message="No Minor Alerts"
| where count==0
| table Message
| fields - Alarm_Type Region message IP Severity Time date]
| transpose 0
| eval allnulls=1
| foreach row*
[ eval allnulls=if(isnull('<<FIELD>>'),allnulls,0) ]
| where allnulls=0
| fields - allnulls
| transpose 0 header_field=column
| fields - column</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel depends="$minor$">
<title>Minor Events</title>
<table id="sbc_minor_table">
<search>
<query>| inputlookup sbc_minor.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$major$">
<title>Major Events</title>
<table id="sbc_alarm_table">
<search>
<query>| inputlookup sbc_major.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$critical$">
<title>Critical Events</title>
<table id="sbc_critical_table">
<search>
<query>| inputlookup sbc_critical.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
<row>
<panel depends="$warning$">
<title>Warning Events</title>
<table id="sbc_warning_table">
<search>
<query>| inputlookup sbc_warning.csv
| search $srStatus$
| eval Server_Name=case(IP == "10.2.96.35","US-SOU",IP == "10.82.10.245","KR-SEL",IP == "10.86.164.25","CN-SGH",IP == "10.86.68.25","CN-SHH",IP == "10.86.128.25","CN-SHA" ,IP == "10.20.41.90 ","DE-SLO",IP == "10.150.222.120","DE-BIE")</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
it is working fine , but when i am refreshing the entire dashboard unsolved color becomes opposite meaning the panel which is showing green shows red and other panels are showing green .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Change the init block (solution updated)
<init>
<set token="rangeColors">"0x118832","0xd41f1f"</set>
</init>
.conf25 Registration is OPEN!
Detecting Cross-Channel Fraud with Splunk
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
