Re: How to get a panel to display a single value o...

agoktas · ‎10-02-2015

Hello,

I have a log entry that will display: Processor being destroyed

And when it does (within my real-time search (all time)), I want to display Yes (Green) in a dashboard panel.

When it has not yet occurred, I want the dashboard panel to display No (Red).

If yes/no is not possible and True/False is, then that is ok too. 🙂

Thanks!

muebel · ‎10-03-2015

Sounds like you might want to check out using rangemap with a single value panel : http://docs.splunk.com/Documentation/Splunk/6.2.5/SearchReference/Rangemap#Using_rangemap_with_singl...

somesoni2 · ‎10-02-2015

Look at the SPlunk 6.x dashboard example app (link below) and look at the examples for Single value. You'll find similar/better options to achieve the same.

https://splunkbase.splunk.com/app/1603/

agoktas · ‎10-02-2015

Unfortunately we're only on 6.2, so we have some limitations with single values.

Does anyone have any examples they have setup pre 6.3?

somesoni2 · ‎10-02-2015

The above app does work for 6.2.

If you just want to display Yes/No for value in the single value panel, you can have your search like this (sample)

your base search "Processor being destroyed" | head 1 | stats count | eval result=if(count=1,"True","False") | table result

agoktas · ‎10-02-2015

That's perfect! Thanks for that.

Would you happen to know how to make the text on "True" green & the text color on "False" red?

How to get a panel to display a single value of Yes(Green)/No(red) or True(Green)/False(Red) based on the search result?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector