Splunk Enterprise

How can I change the color of static icon in location tracker?

anissabnk
Path Finder

Hello Everyone,

I need your help please 🙂

I am using the Location Tracker to follow some alerts.

My SPL request is:

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc

The lookup switchs.csv returns the following elements:

  • IP address
  • label
  • location

anissabnk_0-1674553305853.png

The final result of the request is:

anissabnk_1-1674553346279.png

 

  • I want to have the static icon in two colors:
    • Orange: severity between 0 and 2
    • Red: severity between 3 and 4

anissabnk_6-1674554107734.png

Thank you so much

0 Karma

PaulPanther
Builder

@anissabnk 

Regarding your SPL question: if your fields are always empty, you could use the fillnull command, like

index="imcfault" sourcetype="st_imcfault"
| lookup switchs.csv ip AS sourceIp
| rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$"
| table _time latitude longitude faultDesc
| fillnull value="TOU-MAIRIE-ANX-SJV-68" label
| fillnull value="43.12534" latitude
| fillnull value="5.93029" longitude


If you wanna overwrite existing fields with alternating values, you could use the eval command with case (Comparison and Conditional functions - Splunk Documentation).

Regarding the visualization question, do you use the following add-on for it: Maps+ for Splunk | Splunkbase?

0 Karma

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know anything about dynamically coloring the static icon?

I want to have the static icon in two colors:

  • Orange: when the severity is between 0 and 2
  • Red: when the severity is between 3 and 4

anissabnk_0-1674666306900.png

0 Karma

anissabnk
Path Finder

Thank you so much @PaulPanther for your answer. 

But do you know anything about dynamically coloring the static icon?

I want to have the static icon in two colors:

  • Orange: when the severity is between 0 and 2
  • Red: when the severity is between 3 and 4

anissabnk_0-1674666217291.png

0 Karma

PaulPanther
Builder

Regarding the visualization question, do you use the add-on Maps+ for Splunk | Splunkbase for it?

anissabnk
Path Finder

OK, thank you, I will see.

0 Karma