I am trying to use the Flow Viz Map app with dynamic values utilizing the icons but am having...
This is what I have so far (only drawing one 'tablet' OR the 2 'database' elements but not both and no flow is visable):
index=main sourcetype="*:application"
| stats sum(eval(event_severity_code="SUCCESS")) as good
sum(eval(event_severity_code="ERROR")) as errors
sum(eval(event_severity_code="WARNING")) as warn by host
| eval path=if(like(host,"business%"),"BEL---"+host,"")
| eval node="BEL" how do I add more than one node?
| eval icon=if(match(node,"BEL"),"tablet","database")
| table path node good warn error icon
This second query returns correct results but with no icons:
index=main sourcetype="*:application"
| stats sum(eval(event_severity_code="SUCCESS")) as good
sum(eval(event_severity_code="ERROR")) as errors
sum(eval(event_severity_code="WARNING")) as warn by host
| eval to=host, from="BEL"
| table to from good warn error
Any help would be appreciated 🙂
Thank you @chrisyoungerjds for your help - I was able to achieve these results with your help 🙂
... View more