Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get a panel to display a single value of Yes(Green)/No(red) or True(Green)/False(Red) based on the search result?

agoktas
Communicator
‎10-02-2015 01:12 PM

Hello,

I have a log entry that will display: Processor being destroyed

And when it does (within my real-time search (all time)), I want to display Yes (Green) in a dashboard panel.

When it has not yet occurred, I want the dashboard panel to display No (Red).

If yes/no is not possible and True/False is, then that is ok too. 🙂

Thanks!

0 Karma
Reply

muebel
SplunkTrust
SplunkTrust
‎10-03-2015 02:26 PM

Sounds like you might want to check out using rangemap with a single value panel : http://docs.splunk.com/Documentation/Splunk/6.2.5/SearchReference/Rangemap#Using_rangemap_with_singl...

0 Karma
Reply

somesoni2
Revered Legend
‎10-02-2015 01:16 PM

Look at the SPlunk 6.x dashboard example app (link below) and look at the examples for Single value. You'll find similar/better options to achieve the same.

https://splunkbase.splunk.com/app/1603/

0 Karma
Reply

agoktas
Communicator
‎10-02-2015 01:55 PM

Unfortunately we're only on 6.2, so we have some limitations with single values.

Does anyone have any examples they have setup pre 6.3?

0 Karma
Reply

somesoni2
Revered Legend
‎10-02-2015 02:22 PM

The above app does work for 6.2.

If you just want to display Yes/No for value in the single value panel, you can have your search like this (sample)

your base search "Processor being destroyed" | head 1 | stats count | eval result=if(count=1,"True","False") | table result

0 Karma
Reply

agoktas
Communicator
‎10-02-2015 02:54 PM

That's perfect! Thanks for that.

Would you happen to know how to make the text on "True" green & the text color on "False" red?

Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...