Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to display cities by color based on severity level in Splunk 6 maps and display city name and severity level in tooltip?

Venkat_16
Contributor
‎01-05-2015 12:40 AM

Hi. I am working on displaying cities with different severity levels. Cities with sev1 should be in red, sev2 in amber and sev3 in yellow. I also want to display city name and sev level in tooltip. I tried this solution:
http://answers.splunk.com/answers/137571/displaying-city-in-splunk-6-map-tooltip.html

But the issue is, all the cities are displayed in different colors. I want to display the city based on the color I specify. I have even inserted the color in map element xml view.{sev1:0xFF3300,sev2:0xFFCC66,sev3:0xFFFF66}. the query am using is...." 

eval sev=case(units>=120,"sev1",units<120 AND units>=50,"sev2",units<25,"sev3") |  eval new_field=city.": ".sev | lookup cities.csv cityname as city OUTPUTNEW latitude,longitude| geostats globallimit=0 latfield=latitude longfield=longitude count by new_field"
0 Karma
Reply

richaGindodia
Path Finder
‎03-11-2015 01:57 AM

Hi Venkat, Did you find an answer to your question because i have similar requirement. Any pointers

0 Karma
Reply

mikaelbje
Motivator
‎01-05-2015 04:32 AM

I believe this question is a duplicate of http://answers.splunk.com/answers/106729/map-visualization-regex-for-mapping-fieldcolors.html

Try looking for the solution there. It involves using the xyseries command.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...