I am new to Splunk. I am working on a dashboard that displays data from all the primary endpoints within our production stack. On this dashboard I will like to show the http status of all of our websites, preferably in a colour coded format (e.g. 404, 503 would be red, 200 would be green etc).
I have been messing around with the search function and reading some forums but I am unable to find out how to do this. It would essentially just be a curl -v (?) of the website and a grep of the status.
Ideally the data would be displayed in a dashboard like this:
www.website1.com = STATUS | www.website2.com = STATUS | etc.
Thanks for your help.
I've seen this option in a dashboard used in by the Nest Home Thermostat app.
https://splunkbase.splunk.com/app/1729/#/overview
Edit source of the Dashboard and try dropping in.
<option name="charting.seriesColors">[0x007eff,0xff8400,0x6fd600,0xd3d3d3]</option>
OR
<option name="charting.gaugeColors">[0xFFFFFF,0x6cb8ca,0x7e9f44,0xd13b3b]</option>
with the other panel options. See if you can tweak it to make it work for you.
This is my panel for HTTP Codes by time fed from IIS.
<panel>
<chart>
<title>HTTP Codes by Time</title>
<searchString>index=idx_appdev $hostgroup$ sourcetype=iis* |timechart $timechart$ count by iis_http_code limit=20 useother=f</searchString>
<earliestTime>$field1.earliest$</earliestTime>
<latestTime>$field1.latest$</latestTime>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">false</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.seriesColors">[0x007eff,0xff8400,0x6fd600,0xd3d3d3]</option>
</chart>
</panel>
Would you be displaying it as a single value visualization or something else?
This is a copy paste from another answer but
Option 1: range map in a table
See the Splunk dashboard example app https://splunkbase.splunk.com/app/1603/ for some examples of how to do this. Specifically, you will want to check out “Table Icon Set (Rangemap)”.
Option 2: use custom CSS
Additionally, in the format tab in the single value visualization there is a colors option where you can select ranges, its not set for single number values but if you add multiple ranges it should be good. (I post this as a comment not an answer because I don't have enough karma to post more replies today)
Yes as a single value for each website. So they'd display at 200 in green, or 404, 503 etc in red.