Alerting

Trigger without alert?

wuming79
Path Finder

Hi,

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table _time, endpoint, temperature | eval threshold = 50 | where temperature > threshold

Is it possible to use Marker Gauge in Visualization to show that there is a trigger of temperature above 50?

0 Karma
1 Solution

inventsekar
Ultra Champion

(As a comment, I cannot attach the photo, thus adding as an answer.)

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
Yes, this will work.
"table temperature" will give you a single column, and the first value of the column will be shown on the gauge. Also, below the gauge you will get a list of other values.

Is it possible to fix the gauge even after the temperature goes down below 50 after a spike? ///
It should work, I think. You can format the gauge with two colors (green for below 50, red for above 50), and I think you need to run a "real time" search. The gauge will automatically show the value as it changes.


0 Karma

inventsekar
Ultra Champion

Hi Wuming79, can you give us more info please?
The gauge can be used when we get only one result (a single value result),
like the count of servers, count of errors, etc.

More details:
https://docs.splunk.com/Documentation/Splunk/6.6.1/Viz/CreateGauges

wuming79
Path Finder

My live logs are showing the temperature of a device. I'd like to use a dashboard to display the temperature of the live input when it goes over 50. As I can't use the alert feature because the feature was disabled, I'd like to use a dashboard as an alternative for the time being to show that I can see the temperature is over the threshold of 50C.

0 Karma

wuming79
Path Finder

I figured I could just use the search below to display a single column. Is it possible to fix the gauge even after the temperature goes down below 50 after a spike?

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
0 Karma
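
One way to keep the gauge latched after a spike, as an added example that is not from any of the posts above: reuse the thread's extraction and feed the gauge the maximum temperature seen in the search time range instead of the most recent value. The field name peak_temperature and the upper range bound of 100 are assumptions; 50 is the threshold from the question.

```spl
temperature sourcetype=kaa
| rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"
| spath input=mydata
| eval temperature = tonumber(temperature)
| where isnotnull(temperature)
| stats max(temperature) AS peak_temperature
| gauge peak_temperature 0 50 100
```

The gauge stays above 50 only while the spike is still inside the search time range; once the window moves past the spike, the peak drops back to the current readings.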