Geostats with status and multiple fields
Hello
Looking for some help with the geostats command.
I have the following fields showing at Splunk index time: name, host, State, region_id, longitude, latitude, info, geo, status (up/down value).
I need help constructing a search query with geostats that shows maps.
For example, host status down (red)/up (blue) as a pie chart, with info showing in the maps.
All I'm trying to do is use the geostats command to show my fields' info in maps.
Something like below:
index=test status="*" | dedup host | iplocation host | geostats latfield=latitude longfield=longitude count by status | eval redCount = if(status=="Down", Down, 0) | eval greenCount = if(status=="UP", TOTAL, 0) | fields - TOTAL

If you have a search that generates a basic list of IP addresses with a status, something like this:
ip,status
"192.168.1.66",DOWN
"2001:506:7278:389::1",DOWN
"2001:506:7278:389::1",DOWN
"54.239.18.122",UP
"77.247.110.78",UP
"2001:506:7278:389::1",DOWN
"2001:506:7278:389::1",DOWN
"2001:506:7278:389::1",DOWN
"2001:506:7278:389::1",DOWN
"51.75.52.127",UP
"52.46.133.39",UP
"89.148.203.139",UP
"2001:506:7278:389::1",DOWN
"92.118.37.86",UP
"2001:506:7278:389::1",DOWN
and then you pipe that into this:
| dedup ip
| table ip status
| iplocation ip
| geostats count by status
You should end up with a table that, when visualized as a geomap, gives you pie charts showing Up vs. Down.
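As an added example (not part of the original question or the answer above), the same pattern applied to the fields listed in the question. Because latitude and longitude are already indexed there, the iplocation step from the answer is not needed (iplocation geolocates IP addresses, not the hostname in the host field), and geostats can read the coordinates directly. The index name, field names and the up/down status values are taken from the question; the assumption that status arrives in mixed case (Down, DOWN, down) is mine, which is why the search normalizes it before splitting, so each host contributes exactly one slice and case variants do not become separate pie slices.

```spl
index=test status=*
| dedup host sortby -_time
| eval status=upper(status)
| geostats latfield=latitude longfield=longitude count by status
```

`dedup host sortby -_time` keeps only the most recent event per host, so a host that went down and came back is counted once, with its latest status. geostats takes a single `by` field, so the pie slices come from status alone; the colour of each slice (red for DOWN, blue for UP) is chosen in the Cluster Map visualization's formatting options rather than in the search. If you need the info field on the map as well, fold it into the split field beforehand (for example `eval status=status.": ".info`), keeping in mind that every distinct value becomes its own slice.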
