Splunk Enterprise

How can I change the color of static icon in location tracker?

anissabnk
Path Finder

Hello Everyone,

I need your help please 🙂

I am using the Location Tracker to follow some alerts.

My spl request is :

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc

The lookup switchs.csv returns the following elements :

  • adresse ip
  • label
  • location

anissabnk_0-1674553305853.png

The final result of the request is :

anissabnk_1-1674553346279.png

 

  • I want to have the static Icon in two colors :
    • Orange : severity between 0 and 2
    • red : severity between  3 and 4

anissabnk_6-1674554107734.png

Thank you so much

Labels (1)
0 Karma
1 Solution

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666306900.png

 

 

 

 

View solution in original post

0 Karma

PaulPanther
Builder

@anissabnk 

Regarding your spl question if your fields are always empty you could use the fillnull command like

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc
|fillnull field-list=label value="TOU-MAIRIE-ANX-SJV-68"
|fillnull field-list=latitude value="43.12534"
|fillnull field-list=longitude value="5.93029"

 

If you wanna overwrite existing fields with alternating values you could use eval command with case (Comparison and Conditional functions - Splunk Documentation)

 

Regarding the visualization question do you use  following add-on for it Maps+ for Splunk | Splunkbase?

0 Karma

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666306900.png

 

 

 

 

0 Karma

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666217291.png

 

 

0 Karma

PaulPanther
Builder

Regarding the visualization question do you use  the add-on Maps+ for Splunk | Splunkbase for it?

anissabnk
Path Finder

Ok thank you, I will see 

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...