Dear all,
I created SingleValue Panels on my dashboard which shows me a status of a Application. This is my search:
... | stats count as errors | rangemap field=errors low=0-0 default=severe | replace 0 with "Service OK"
I replaced 0 with Service OK because it looks better on the monitoring TV. This works fine but I cannot change values > 0 to Service NOK. The replace function only works with string. So if Splunk counts errors, it shows me a number on my dashboard. I want to keep rangemap in my search because I want a green color if value is 0 and red color if value > 0.
Is there any other function I could use for this?
Thanks in advance for your help.
Greets nwe
I found Solution with eval and Regex...
| stats count as errors | rangemap field=errors low=0-0 default=severe | replace 0 with "Service OK" | eval errors = replace (errors,"[1-9]+","Service NOK")
Thanks for helping.
I found Solution with eval and Regex...
| stats count as errors | rangemap field=errors low=0-0 default=severe | replace 0 with "Service OK" | eval errors = replace (errors,"[1-9]+","Service NOK")
Thanks for helping.
eval and if or case?
Rangemap has a hard time doing anything if you strip off the range field afterwards.
I tried eval this but rangemap function doesnt work anymore because of new field.
... | stats count as errors | rangemap field=errors low=0-0 default=severe | eval status = if(errors = 0, "Service OK", "Service Down") | fields - errors, - range