Hi Giuseppe,
Thanks for the reply.
I modified the search query you gave so as to include the latest status of the service, and for that, instead of an aggregate function, I used the "dedup" command. Please find below the query I used.
| inputlookup services.csv
| append
    [ search index=data1
    | dedup ServiceName
    | eval ServiceStateInBinary=if(ServiceState="Running", 1, (if(ServiceState="Stopped",0,-1)))
    | eval OverallServiceState=ServiceStateInBinary
    | table ServiceName, OverallServiceState ]
| eval OverallServiceState=if(OverallServiceState=1,1,(if(OverallServiceState=0,0,(if(OverallServiceState=-1,-1,-999)))))
| stats values(ServiceOwner) AS "Service Owner" values(ServiceDescription) AS "Brief Description" max(OverallServiceState) AS "OverallServiceState" by ServiceName
| rangemap field=OverallServiceState severe=-999-0 low=1-1 default=low
| table ServiceName "Service Owner" "Brief Description" "OverallServiceState" range
Through this, I am getting the "OverallServiceState" and "range" value as required.
Please let me know if this query is OK.
Also, I installed the Splunk Dashboard Examples for 6.x app and copied the files as you mentioned. I did restart Splunk after that. However, after I re-executed the query, I didn't find the visualization I was looking for. Can you please tell me in which file I have to update the following text?
<form script="table_icons_rangemap.js" stylesheet="table_decorations.css">
Regards,
Amit Saxena