Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help on appendpipe

jip31
Motivator
‎07-23-2020 10:52 PM

Hi

I use the code below

In the case of no FreeSpace event exists, I would like to display the message "No disk pace events for this host" in my single panel

How doing this please?

 

 

 

 

 `diskspace` 
| fields FreeSpaceKB host 
| eval host=upper(host) 
| eval FreeSpace = FreeSpaceKB/1024 
| eval FreeSpace = round(FreeSpace/1024,1) 
| search host=$tok_filterhost$ 
| stats latest(FreeSpace) as FreeSpace by host 
| table FreeSpace

 

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎07-24-2020 09:26 PM 
`diskspace` 
| fields FreeSpaceKB host 
| eval host=upper(host) 
| eval FreeSpace = FreeSpaceKB/1024 
| eval FreeSpace = round(FreeSpace/1024,1) 
| search host=$tok_filterhost$ 
| stats latest(FreeSpace) as FreeSpace by host 
| eval FreeSpace=FreeSpace."GB"
| table FreeSpace

and delete option.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

to4kawa
Ultra Champion
‎07-24-2020 12:02 AM

 

 `diskspace` 
| fields FreeSpaceKB host 
| eval host=upper(host) 
| eval FreeSpace = FreeSpaceKB/1024 
| eval FreeSpace = round(FreeSpace/1024,1) 
| search host=$tok_filterhost$ 
| stats latest(FreeSpace) as FreeSpace by host 
| table FreeSpace 
| appendpipe [|stats count
| eval FreeSpace="No disk pace events for this host"
| where count = 0 | table FreeSpace ]

 

There must have been something made by  @woodcock  about it before, but I've forgotten.

0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎07-24-2020 08:16 PM

Thanks, it works fine but ..

In my xml , i format my single value like this

<option name="unit">GB</option>

 So if "No disk space for this events" is true what is displayed is "No disk space for this events GB".....

0 Karma
Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎07-24-2020 09:26 PM 
`diskspace` 
| fields FreeSpaceKB host 
| eval host=upper(host) 
| eval FreeSpace = FreeSpaceKB/1024 
| eval FreeSpace = round(FreeSpace/1024,1) 
| search host=$tok_filterhost$ 
| stats latest(FreeSpace) as FreeSpace by host 
| eval FreeSpace=FreeSpace."GB"
| table FreeSpace

and delete option.

0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎07-26-2020 09:06 PM

it works but in this case I lost the color format vizualization I use 

 

ex : 0 to 32 : red color

32 to 50 : orange color

0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎07-26-2020 01:06 AM

Thanks Would you confirme that with this code the color palette will continue to work fine? ( i cant test ot today sorry)?

0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎07-26-2020 01:03 AM
Thanks Would you confirme that with this code the color palette will continue to work fine? ( i cant test ot today sorry)?
0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎07-24-2020 07:27 AM

You've got it; that's the way to do it, but it was originally from @martin_mueller .

Reply
Solved! Jump to solution

to4kawa
Ultra Champion
‎07-24-2020 11:21 AM

Every query has its own history. thanks @woodcock 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...