Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

want to add extra details to the number display

Ashish0405
Path Finder
‎12-16-2024 11:37 PM

Would anyone be able to help me on one more thing please !!! 

I have a Number display dashboard which represent the BGP flap details as # Device_name & #BGP peer IP , however I cannot add the timing when the BGP flap on Number display

Current Query : index="network" %BGP-5 *clip* | rex field=_raw "^(?:[^ \n]* ){4}(?P<Device_name>[^:]+)" | dedup Device_name,src_ip | stats count by Device_name,src_ip,state_to | eval primarycolor=case(state_to="Down", "#D93F3C", state_to="Up", "#31A35F") | eval secondarycolor=primarycolor

Ashish0405_0-1734421057901.png

 

 

Is there something we can add to display flap time in the same number display

 

Labels (3)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-16-2024 11:50 PM

Hi @Ashish0405 ,

at first you don't need dedup before stats:

index="network" %BGP-5 *clip* 
| rex field=_raw "^(?:[^ \n]* ){4}(?P<Device_name>[^:]+)" 
| stats count by Device_name src_ip state_to 
| eval 
     primarycolor=case(state_to="Down", "#D93F3C", state_to="Up", "#31A35F"),
     secondarycolor=primarycolor

then, what do you mean with flat time? if the time borders of your search, you can use addinfo command (https://docs.splunk.com/Documentation/Splunk/9.4.0/SearchReference/Addinfo) that with the info_min_time and info_max_time fields gives you the time borders of your search.

index="network" %BGP-5 *clip* 
| rex field=_raw "^(?:[^ \n]* ){4}(?P<Device_name>[^:]+)" 
| stats count by Device_name src_ip state_to 
| eval 
     primarycolor=case(state_to="Down", "#D93F3C", state_to="Up", "#31A35F"),
     secondarycolor=primarycolor
| addinfo
| table Device_name src_ip state_to count primarycolor secondarycolor info_min_time info_max_time

Ciao.

Giuseppe

0 Karma
Reply

Ashish0405
Path Finder
‎12-17-2024 12:07 AM

Flap time = when one of the peer or you can consider the cable connected to device went down

 

If you see below dashboard we can see the device IP + Flap time , In the other dashboard you can see the Device_name + Device IP, I just want to see all 3 details ( Device name, Device IP & Flap time) in one dashboard,

 

Does it answered your query ? 

Ashish0405_0-1734422730663.png

 

0 Karma
Reply

Ashish0405
Path Finder
‎12-17-2024 12:13 AM

below image should give some clarity,  Currently I have 2 different dashboard and I want single dashboard with all 3 details.

Ashish0405_0-1734423117726.png

 

0 Karma
Reply

Ashish0405
Path Finder
‎12-17-2024 09:59 PM

can anyone help me on it please

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎12-18-2024 01:45 AM 
| eval Device=Device_name.":".src_ip
| table Device state_to count primarycolor secondarycolor info_min_time info_max_time
Reply

Ashish0405
Path Finder
‎12-18-2024 04:09 AM

Thank you so much, the eval command is magical !!!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Ready to make your IT operations smarter and more efficient? Discover how to automate Splunk alerts with Red ...