Hi All,
I am quite new to Splunk, and I am trying to plot a graph that just represent if a service (CICS Region) is up or down without the need to have this info over time, we just would like to have a graph that represent the name of the service and a red/green indicator.
To do so we are collecting the info from the server collecting them as below:
Thu Sep 15 15:49:41 CEST 2016;CICSR1;available
Thu Sep 15 15:49:41 CEST 2016;CICSR2;available
Thu Sep 15 15:49:41 CEST 2016;CICSR3;available
Thu Sep 15 15:49:41 CEST 2016;CICSR4;available
and doing a search as below:
source="../SPLUNK_cics_region_control.txt" host="CICS_REGION" sourcetype="csv" CICS_REGION="CICSR1" | eval AVAILABILITY = if(AVAILABILITY="available","OK","KO") | dedup 1 source
In this way we are able to select the last event, with the information if OK/KO.
May you please suggest how to plot the info to represent the service with a red/green indicator if OK/KO?
Best Regards,
Edoardo
You can use single value visualization and here's a previous discussion similar to what you are trying to achieve