I have just upgraded to 4.2 and am having issues with rangemap. The below snippet worked fine in 4.1 and returned low,elevated or severe based on the input value, however no matter what value is in c...
...pp_response>\d+)\s" | rangemap field=app_response "A. Less than 0.25 seconds"=0-249 "B. More than 0.25 but less than 0.5 seconds"=250-500 "C. More than half-second but less than a second"=500-1000 d...
I'm trying to understand the usage of rangemap and metadata commands in splunk. I have gone through some documentation but haven't got the complete picture of those commands. It would be really h...
my search string is
sourcetype=health | head 1 | rangemap field=status default=severe elevated=2-2 low=1-1 | eval field=if(status==1 OR status==2, "Connected", "Not Connected")
and
s...
Hi Splunkers!
I am running the following search to try and apply a "low" rangemap value if a string matches "up", and a "severe" rangemap value if the string matches "down", but I can' t get the e...
Hello,
I'm trying to get a rangemap command to work like the below.
| rangemap field=count low=0-.5 elevated=.5-1.5 default=severe
I'm getting an Invalid range: '0-.5'.'- expected.
Will t...
I have a pie chart and use | rangemap field=test1 low=0-1 elevated=2-49 severe=50-100 . How can I get these colors to map to the green, yellow, and red?
Hi folks,
The simplexml examples provided great help when I was creating a dashboard with icons. Now, I want to do something a little different - add a fourth icon for a fourth range. I've down...
I want to group responsetimes into following groups:
0.5-1Sec 1-1.5SEC 1.5-2SEC etc.
I have multiplied the seconds with 1000:EVAL MSEC=PRT*1000 as rangemap does not work with decimals.
The rangemap...