Solved: charting an event with a binary state?

dang · ‎03-31-2011

I'm looking to create a view that shows whether a service is up or down. Does anyone have an example of how to chart a sort of green light/red light display on a view?

hazekamp · ‎03-31-2011

dang,

Assuming you have a field called 'state' with binary values 0/1 you could do something like:

<my search> | head 1 | rangemap field=state low=0 default=severe

In the above search "head 1" get's us the last state. You could also do this with 'stats last(state)'. Rangemap is a command that maps field values into ranges. In this case we map 0 to low (green) and 1 to severe (red)

See also:

http://answers.splunk.com/questions/6777/add-image-to-search/13265#13265

http://answers.splunk.com/questions/7732/rangemap-command

http://www.splunk.com/base/Documentation/4.2/Developer/AddASingleButton

View solution in original post

hazekamp · ‎03-31-2011

dang,

Assuming you have a field called 'state' with binary values 0/1 you could do something like:

<my search> | head 1 | rangemap field=state low=0 default=severe

In the above search "head 1" get's us the last state. You could also do this with 'stats last(state)'. Rangemap is a command that maps field values into ranges. In this case we map 0 to low (green) and 1 to severe (red)

charting an event with a binary state?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms