Hi Team,
I am Firewall engineer and working on creation of some dashboard.
I have created one dashboard whenever our firewall failover the dashboard will show result as "Active" & " Standby" & "Down" in Guage format.
However I would like to set up the dashboard in this way :
1) whenever firewall failover and it is in "down state" the guage color should be red
2) whenever firewall failover and it is in "Active state" the guage color should be Green
3) whenever firewall failover and it is in "Standby state" the guage color should be Amber
Does anyone know about it and help me with some sample examples to understand
I'm guessing this is Chris Younger's Number Display Viz - those spinner gauges look familiar
Is this what you're after - this is an example of setting the color field based on the desired colours
| makeresults format=csv data="State_Before,State_After,Cluster_Name
DOWN,STANDBY,Host1
STANDBY,ACTIVE,Host2
STANDBY,DOWN,Host3"
| eval color=case(State_After="DOWN", "#FF0000", State_After="ACTIVE", "#00FF00", State_After="STANDBY", "#FFBF00")
| rename Cluster_Name as value, State_After as title
| table title value colorand you end up with this
I am getting below error while using the script is their any mistake in placing the script shared by you ,
Previous script :
-------------------------
index=firewall (origin=10.254.17.* OR origin=10.254.252.* OR origin=10.254.253.*) OR *VGUK* OR *VGBR* OR *VGCY* OR *VGIN* OR *VGRU* OR *VGMY* OR *VGKC* OR *EQX* OR *PDN* OR *VSHW* | search "state change: * -> Down" OR "state change: * -> Standby" OR "state change: * -> Active" | rex field=_raw "^(?:[^:\n]*:){5}\s+(?P<State_before>[^ ]+)\s+\->\s+(?P<State_after>\w+)" | dedup Cluster_name | stats count by host,State_after
