Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

When there is no result filed is displays as "No logon found". I want to color that value "

Flyhigh1010
Loves-to-Learn Lots
‎09-10-2020 08:34 AM

the below displays first login in the system. If user has no logon information, it should display "No logon found" in Amber color.

When there is no result , it displays as "No logon found". I want to color that value "No logon Found" single value panel

 

 

index=XXX sourcetype="XXXX" source="*.log" user=XXXX AAA
| eval Authentication=case(XXXXXX)
| eval CredType=case(XXXX)
| eval ProductType=case(XXX)
| rename xxx As "xxxy"
| eval Time=strftime(_time,"%d %B %Y")
| stats earliest(Time) AS FirstLogin| append
[ stats count
| where count=0
| eval Messge="No data found"]
| fillnull value="No Logon Found" FirstLogin
| fields FirstLogin

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...