How to define colors as per ranges using rangemap ...

SanthoshSreshta · ‎05-18-2015

Hi All.

I want alerts to be displayed on map for easy understanding.
i have used this Query

source="Churn_Map.csv" sourcetype="Churn_map" 
| eval Churn = if(Churn="True.","1","0") 
| eventstats sum(Churn) as true_churn , count(Churn) as total_churn by state 
| eval prop= true_churn*100 / total_churn 
| geostats values(prop) by StateName globallimit=0
| rangemap field=prop green=0-5 yellow=6-10 orange=11-15 default=red

but colors are not displaying as i defined. any improvements.?
the values are from min 5 to max 20. so i need alerts to seen on pie charts on map,by default it is showing some colors.
Green : 0-5
Yellow : 6-10
Orange :11-15
Red : 16 and above.
any reference documents and links are really appreciated 🙂

Thanks,
Santhosh.

jaracan · ‎03-08-2018

Because the field "prop" is not existing anymore. You can add the "as" on your command to name it as prop again.

Something like this.
| geostats values(prop) as prop by StateName globallimit=0

vganjare · ‎05-19-2015

Can you please check the answer provided in http://answers.splunk.com/answers/232462/how-to-display-a-range-in-color-good-or-fault.html

SanthoshSreshta · ‎05-19-2015

I am not able to understand that @vganjare

How to define colors as per ranges using rangemap in geostats map.?

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk