Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I change the color of static icon in location tracker?

anissabnk
Path Finder
‎01-24-2023 01:57 AM

Hello Everyone,

I need your help please 🙂

I am using the Location Tracker to follow some alerts.

My spl request is :

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc

The lookup switchs.csv returns the following elements :

  • adresse ip
  • label
  • location

anissabnk_0-1674553305853.png

The final result of the request is :

anissabnk_1-1674553346279.png

 

  • I want to have the static Icon in two colors :
    • Orange : severity between 0 and 2
    • red : severity between  3 and 4

anissabnk_6-1674554107734.png

Thank you so much

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anissabnk
Path Finder
‎01-25-2023 08:59 AM

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666306900.png

 

 

 

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

PaulPanther
Builder
‎01-25-2023 12:23 AM

@anissabnk 

Regarding your spl question if your fields are always empty you could use the fillnull command like

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc
|fillnull field-list=label value="TOU-MAIRIE-ANX-SJV-68"
|fillnull field-list=latitude value="43.12534"
|fillnull field-list=longitude value="5.93029"

 

If you wanna overwrite existing fields with alternating values you could use eval command with case (Comparison and Conditional functions - Splunk Documentation)

 

Regarding the visualization question do you use  following add-on for it Maps+ for Splunk | Splunkbase?

0 Karma
Reply
Solved! Jump to solution
Solution

anissabnk
Path Finder
‎01-25-2023 08:59 AM

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666306900.png

 

 

 

 

0 Karma
Reply
Solved! Jump to solution

anissabnk
Path Finder
‎01-25-2023 09:04 AM

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666217291.png

 

 

0 Karma
Reply
Solved! Jump to solution

PaulPanther
Builder
‎01-25-2023 11:10 PM

Regarding the visualization question do you use  the add-on Maps+ for Splunk | Splunkbase for it?

Reply
Solved! Jump to solution

anissabnk
Path Finder
‎01-26-2023 12:06 AM

Ok thank you, I will see 

0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...