Hello Everyone,
I need your help please 🙂
I am using the Location Tracker to follow some alerts.
My SPL request is:
index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc
The lookup switchs.csv returns the following elements:
- IP address
- label
- location
The final result of the request is:
- I want to have the static icon in two colors:
- Orange: severity between 0 and 2
- Red: severity between 3 and 4
Thank you so much
Thank you so much @PaulPanther for your answer.
But do you know something about dynamically coloring the static icon?
I want to have the static icon in two colors:
- Orange: when the severity is between 0 and 2
- Red: when the severity is between 3 and 4
Regarding your SPL question, if your fields are always empty you could use the fillnull command like:
index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc
| fillnull value="TOU-MAIRIE-ANX-SJV-68" label
| fillnull value="43.12534" latitude
| fillnull value="5.93029" longitude
If you wanna overwrite existing fields with alternating values, you could use the eval command with case (Comparison and Conditional functions - Splunk Documentation).
Regarding the visualization question, do you use the following add-on for it: Maps+ for Splunk | Splunkbase?
Regarding the visualization question, do you use the add-on Maps+ for Splunk | Splunkbase for it?
Ok thank you, I will see