Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to display a single error in multiple inputs?

Dayalss
Engager
‎06-13-2023 04:52 AM

Hi , 

I have a search query -

| search Region = EMEA
| eval Status=case(Statistic=0,"Green" ,
Statistic=2,"Red",
Statistic=1,"Blue",
1==1, " " )
| appendpipe [ stats count | eval Status="Black" | where count=0 | fields - count]
| stats latest(Status)

The region has 7 SOD status data i.e. red and green. ,The issue is if one sod is in red state it is still showing green status.

What I require is even if there is a single red status it has to be picked and not the green one , as I am using it in a dashboard.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-13-2023 05:05 AM

case function is evaluated left to right, so put your highest priority condition first

| eval Status=case(Statistic=2,"Red",
Statistic=1,"Blue",
Statistic=0,"Green" ,
1==1, " " )
0 Karma
Reply

Dayalss
Engager
‎06-13-2023 05:45 AM

Tried it , but still its showing green

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-13-2023 06:04 AM

Please share some sample events (anonymised as necessary) in a code block </> so we can see what you are dealing with.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...
Top