Hello all,
I'm facing a challenge in getting the dashboard requirement done. This is reading from the log, the log pattern is like this:
2018/06/14 06:50:51 VCS NOTICE V-16-1-10447 Group virtual_abc is online on system SERVER_A
When this string is found (the latest string), it is confirmed that virtual_abc is running in SERVER_A.
The requirement is to have the dashboard with SERVER_A and SERVER_B in it. If the virtual_abc running on SERVER_A - it is green for SERVER_A. If the virtual_abc is running on SERVER_B - it is red for SERVER_B (virtual_abc should always running in server_A).
I've the below query correctly extracted the string I want, but have no idea how to make it like requirement above.
index=* | rex field=_raw "Group virtual_abc is online on system (?<online>[\w+]+)" | stats latest(online)
May I ask for your help?
Hi @krusovice,
Depends on your chosen visualization you could set the color based on value.
For table - https://docs.splunk.com/Documentation/Splunk/7.1.1/Viz/TableFormatsFormatting#Format_table_columns
For Single value - https://docs.splunk.com/Documentation/Splunk/7.1.1/Viz/SingleValueFormatting#Color_by_value
If you need to convert string to a numeric value for single value visualiasation, you could use index=* | rex field=_raw "Group virtual_abc is online on system (?<online>[\w+]+)" | stats latest(online) as server|eval result=if(server=="SERVER_A",1,0)|fields result
Let's know in case you need further assistance
Hi @krusovice,
Depends on your chosen visualization you could set the color based on value.
For table - https://docs.splunk.com/Documentation/Splunk/7.1.1/Viz/TableFormatsFormatting#Format_table_columns
For Single value - https://docs.splunk.com/Documentation/Splunk/7.1.1/Viz/SingleValueFormatting#Color_by_value
If you need to convert string to a numeric value for single value visualiasation, you could use index=* | rex field=_raw "Group virtual_abc is online on system (?<online>[\w+]+)" | stats latest(online) as server|eval result=if(server=="SERVER_A",1,0)|fields result
Let's know in case you need further assistance
Thanks @renjith.nair, got the tips in how to achieve it and will work on it.