How to use singleDecorations.css with search?

jbueso · ‎07-20-2015

Hi

I am trying to use examples given with Single Value Decorations, but i am not able to get it working correctly. Every example is given with searchString:

 <searchString>| stats count as value | eval value = 550 | rangemap field=value none=0-99 low=100-199 guarded=200-299 elevated=300-399 high=400-499 severe=500-599 default=none</searchString>

When I try to use it with my simple "search", it doesn't work

<dashboard stylesheet="single_decorations.css">
  <label>test</label>
  <row>
    <panel>
      <title>test</title>
      <single>
        <search>
          <query> | dbquery ORACLE_SVCM  "SELECT  count(problems) FROM db1 WHERE STATUS!='closed''" </query>
          | stats count as value | eval value | rangemap field=value none=0-99 low=100-199 guarded=200-299 elevated=300-399 high=400-499 severe=500-599 default=none
          <earliest>0</earliest>
          <option name="classField">range</option>
          <option name="field">value</option>
        </search>

Anyone could give me some help to advance?

MuS · ‎07-20-2015

Hi jbuesco,

this makes no sense:

<query> | dbquery ORACLE_SVCM  "SELECT  count(problems) FROM db1 WHERE STATUS!='closed''" </query>
           | stats count as value | eval value | rangemap field=value none=0-99 low=100-199 guarded=200-299 elevated=300-399 high=400-499 severe=500-599 default=none

The stats part of the search is outside the query tag. Since I don't have any of your events available I can only assume that the following might work for you:

<query> 
| dbquery ORACLE_SVCM  "SELECT  count(problems) FROM db1 WHERE STATUS!='closed''" 
| stats count as value 
| rangemap field=value none=0-99 low=100-199 guarded=200-299 elevated=300-399 high=400-499 severe=500-599 default=none
</query>

Hope this helps ...

cheers, MuS

How to use singleDecorations.css with search?

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk