Hello Splunkers,
I have data in the following format:
/dev/mapper/splunkcisvg-auditlv 8.0G 353M 7.7G 5% /var/log/audit
/dev/sda1 509M 164M 346M 33% /boot
which i am parsing using regex expression in query
index=* sourcetype="disk_load"
|rex "(?^[\w\/-]*)[ ]*(?[\d\w.]*)[ ]*(?[\d\w.]*)[ ]*(?[\d\w.]*)[ ]*(?[\d]*)%[ ]*(?[\w\/]*)"
| stats list(FileSystem), list(Use) ,values(Mounted) by host
The issue i am having is i need to red color the values where ever the "Use" field has value greater than 70 .
I tried table formatting but its not showing any color. I have used range option but its not resulting in any color
Guys please help
@kannu you are trying to apply Table color on a field with Multiple Values (which may not working without using Simple XML JS and CSS Extensions).
Following is what you should try instead with your query and apply color on Use Field?
<yourCurrentSearch>
| stats count by host FileSystem Use Mounted
@kannu you are trying to apply Table color on a field with Multiple Values (which may not working without using Simple XML JS and CSS Extensions).
Following is what you should try instead with your query and apply color on Use Field?
<yourCurrentSearch>
| stats count by host FileSystem Use Mounted
@niketnilay ,
So how can i do it using xml or css , just point me to right direction
See one of my recent answers in case your table as multi-values and you want to color them based on range: https://answers.splunk.com/answers/694420/is-it-possible-to-highlight-a-value-within-a-multi-1.html