Hi All, i am newbie to Splunk and need an assistance in writing a splunk dashboard where i wish to replace the average transaction duration value with a range string. For eg. if the Transaction duration is between 0-6 sec, rather then displaying an actual average duration (number) it should display a text "Green".
Condition : 0-6 Green , 7-20 Amber, >20 Red
Draft Query is given below.
index=XXX_XXX sourcetype=XXX_YYY source=YXYX_YCYC
Search String
| transaction correlationId keepevicted=true
| timechart span=5m avg(duration) as response_health by activityName
| convert ctime(_time) as _time timeformat="%H:%M %p"
| fillnull
... View more