Hi,
I've done a lot of research and have applied many different "fixes" but none have seemed to work.
I'm trying to build a Splunk server status dashboard that shows either "OK" or "down". The two values that I'm working with are 0 and 1, 0 being OK and 1 being down.
I've tried adding rangemap (|rangemap field=Status low=0-0 severe=1-1), which didn't resolve my issue.
Can someone look at my code and determine what I'm doing wrong?
My version is 6.5.2.
<dashboard>
  <label>SplunkHealth</label>
  <row>
    <panel>
      <title>Indexer 01</title>
      <single>
        <search>
          <query>|inputlookup all_servers.csv | eval splunk_server=host | join type=left splunk_server [|rest /services/server/info] | join type=left splunk_server [| rest /services/server/status/resource-usage/hostwide ]|fillnull value="Non-Reporting" | eval Status=if(updated="Non-Reporting",1,0) |rename splunk_server AS Server| search role=indexer |search Server=slpsplnkidl01 | table Status | eval Status=case(Status=0, "OK", Status=1, "DOWN")</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorBy">value</option>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0x65a637","0xd93f3c"]</option>
        <option name="rangeValues">[0,1]</option>
        <option name="field">Status</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="unitPosition">after</option>
        <option name="useColors">1</option>
        <option name="useThousandSeparators">1</option>
      </single>
    </panel>
  </row>
</dashboard>