Splunk Enterprise

How can I change the color of static icon in location tracker?

anissabnk
Path Finder

Hello Everyone,

I need your help please 🙂

I am using the Location Tracker to follow some alerts.

My spl request is :

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc

The lookup switchs.csv returns the following elements :

  • adresse ip
  • label
  • location

anissabnk_0-1674553305853.png

The final result of the request is :

anissabnk_1-1674553346279.png

 

  • I want to have the static Icon in two colors :
    • Orange : severity between 0 and 2
    • red : severity between  3 and 4

anissabnk_6-1674554107734.png

Thank you so much

Labels (1)
0 Karma
1 Solution

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666306900.png

 

 

 

 

View solution in original post

0 Karma

PaulPanther
Builder

@anissabnk 

Regarding your spl question if your fields are always empty you could use the fillnull command like

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc
|fillnull field-list=label value="TOU-MAIRIE-ANX-SJV-68"
|fillnull field-list=latitude value="43.12534"
|fillnull field-list=longitude value="5.93029"

 

If you wanna overwrite existing fields with alternating values you could use eval command with case (Comparison and Conditional functions - Splunk Documentation)

 

Regarding the visualization question do you use  following add-on for it Maps+ for Splunk | Splunkbase?

0 Karma

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666306900.png

 

 

 

 

0 Karma

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know something about coloring dynamically static icon.

want to have the static Icon in two colors :

  • Orange : when the severity between 0 and 2
  • red : when the severity between  3 and 4

anissabnk_0-1674666217291.png

 

 

0 Karma

PaulPanther
Builder

Regarding the visualization question do you use  the add-on Maps+ for Splunk | Splunkbase for it?

anissabnk
Path Finder

Ok thank you, I will see 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti &#x1f389; —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...