How to display customized text in table?

mahesh27 · ‎12-05-2022

Output:

Transactions	Sucess	failed	error
12	5	4	10

but when the count condition does not met all the fileds wont get dsiplayed and when i get only transactions count in table
Here i want to add a customized text like "No action required" under the table as shown below:
how can i do this??
Output:

Transactions

12

"No action required"

bowesmana · ‎12-05-2022

You can always add

| fillnull Transactions Sucess failed error

to the end of your search which will always make those fields 0 if they do not exist - but only if at least ONE of them exists, but what do you want to fill those values with.

You could also do this, which would very likely be faster

(index=abt_htt_app host=thyfg OR host=jhbjj OR host=nmm sourcetype=app:abt:logs) OR 
(index=tbt_htt_app host=juhy OR host=kuthf OR host=nmm sourcetype=app:abt:logs) OR 
(index=ccc_htt_app sourcetype=app:abt:even) OR
(tbt_htt_app host=juhy OR host=kuthf OR host=nmm sourcetype=app:clt:logs)
| stats count(eval(index="abt_htt_app")) as Transaction count(eval(index="tbt_htt_app")) as Sucess count(eval(index="ccc_htt_app")) as failed count(eval(index="host")) as error
| eval Transaction=if(Transaction>10, Transaction, 0)
| eval Sucess=if(Sucess>5, Sucess, 0)
| eval failed=if(failed>10, failed, 0)
| eval error=if(error>45, error, 0)

How to display customized text in table?

using Splunk Enterprise

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)