Splunk Search

How to display a table icon for a certain process status?

proylea
Contributor

Hi

I would like to show a list of processes and use the table icon set to show the status of the process, either existing (running) or not:
Green Tick for existing and Red Cross for not.

I can understand how to show a running process with a green tick next to it, but how do you show a non existing process with a red cross next to it? I'm assuming I would need to compare what was or should be existing with what is currently running.

An example of how to do this would be greatly appreciated.

Kind Regards
Peter

Tags (3)
0 Karma
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi proylea,

you would need a lookup to keep track of the expected processes and use this lookup as comparison to the search.
Take a look at this answer http://answers.splunk.com/answers/73268/search-for-hosts-in-a-lookup-but-not-in-splunk.html to get an idea how it can be done; this was done to get hosts from a lookup which do not show in a search.

Hope this helps ....

cheers, MuS

View solution in original post

MuS
SplunkTrust
SplunkTrust

Hi proylea,

you would need a lookup to keep track of the expected processes and use this lookup as comparison to the search.
Take a look at this answer http://answers.splunk.com/answers/73268/search-for-hosts-in-a-lookup-but-not-in-splunk.html to get an idea how it can be done; this was done to get hosts from a lookup which do not show in a search.

Hope this helps ....

cheers, MuS

proylea
Contributor

Thanks that's exactly what I was looking for

0 Karma
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...