Hi all, I'm currently using Splunk Cloud and my focus is to display status icons as values based on the search results in my classic dashboard table. I found a way to display only the icon with html but at the same time im struggling to assign the icon based on the result from the search query (if result active, pass icon check-circle else default pass icon warning/error etc.). How can I achieve this ? Any tweaks from this code attached will be much appreciated! <row> <html> <div> <td class="icon-inline numeric"> <i>Range icon: </i> <i class="icon-check-circle" style="color: green"><var>low</var></i> <i class="icon-alert" style="color: orange">warning</i> <i class="icon-alert-circle" style="color: red">error</i> </td> </div> </html> </row> <row> <panel> <table id="t1"> <search> <query>index=XXX host=* | eval host=upper(host) | stats count BY host | eval count=1, host=upper(host) | fields host count | stats sum(count) AS total BY host|rangemap field=total low=1-10 default=severe</query> <earliest>-30m@m</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <option name="count">100</option> <option name="dataOverlayMode">none</option> <option name="drilldown">none</option> <option name="percentagesRow">false</option> <option name="rowNumbers">false</option> <option name="totalsRow">false</option> <option name="wrap">true</option> </table> </panel> </row>   ... View more

Hi all, I want to extract the following word with rex expression: ABC\qq1234  expected result: qq1234 Please note that the substring needed will always after ABC\. Any help will be appreciated! ... View more

Hi all, I'm trying to create category based on host category: Lab,Personal,Staff and get workstations to be counted for each category. I tried using below and it gives desired results however it doesn't work when I applied boolean expression (OR) on more details in certain category. <base search>| eval category = case(match(host,"ABC-*"),"Staff",match(host,"DESKTOP*" OR host,"PC-*"),"Lab",true(),"Personal")|stats count by category,host|sort -count|stats sum(count) as Total list(host) as Workstation_Name list(count) as count by category|where Total>1|sort Total Expected Result: category | Total |     Workstation_Name     | count     Staff          5                   ABC123                            2                                                ABC345                           3      Lab            2               DESKTOP123                     1                                                    PC123                           1      Personal   1                        Etc...                              1   Any help would be much appreciated!       ... View more

Hi, I'm trying to display only a value in one particular column, for instance represent one team for different status. This is what I've done so far: index=xxx | stats count by Team, status *my expecting result is to have only one "DevOps" to represent team for different status displayed. Team        |     Status         | Count DevOps     Assigned           10                       Pending              5                       New                      2                       Resolved            1                         .......... Many thanks for any help 🙂 ... View more

Hi, I am a newbie in Splunk. I have to write a splunk query to get the status_code count for error(status range 300 and above) and success(status range 200-299) by host. This is my current search(24 hrs) but unfortunately return 0 result except for host list displayed index=xxxx  host=*  status=* | stats count(status>=300) as "Error", count(status<299) as "OK" by host Expected result: Host          |          Error          | OK ---------------------------------------- xxxx           |          23              |  1 ... View more