Splunk Enterprise

How can I change the color of static icon in location tracker?

anissabnk
Path Finder

Hello Everyone,

I need your help please 🙂

I am using the Location Tracker to follow some alerts.

My spl request is :

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc

The lookup switchs.csv returns the following elements :

  • adresse ip
  • label
  • location

anissabnk_0-1674553305853.png

The final result of the request is :

anissabnk_1-1674553346279.png

 

  • I want to have the static Icon in two colors :
    • Orange : severity between 0 and 2
    • red : severity between  3 and 4

anissabnk_6-1674554107734.png

Thank you so much

Labels (1)
0 Karma
1 Solution

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666306900.png

 

 

 

 

View solution in original post

0 Karma

PaulPanther
Builder

@anissabnk 

Regarding your spl question if your fields are always empty you could use the fillnull command like

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc
|fillnull field-list=label value="TOU-MAIRIE-ANX-SJV-68"
|fillnull field-list=latitude value="43.12534"
|fillnull field-list=longitude value="5.93029"

 

If you wanna overwrite existing fields with alternating values you could use eval command with case (Comparison and Conditional functions - Splunk Documentation)

 

Regarding the visualization question do you use  following add-on for it Maps+ for Splunk | Splunkbase?

0 Karma

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666306900.png

 

 

 

 

0 Karma

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666217291.png

 

 

0 Karma

PaulPanther
Builder

Regarding the visualization question do you use  the add-on Maps+ for Splunk | Splunkbase for it?

anissabnk
Path Finder

Ok thank you, I will see 

0 Karma
Get Updates on the Splunk Community!

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...