All Apps and Add-ons

Splunk Dashboard

sathish2k8
Explorer

Hi Friends,

I am configuring the Splunk dashboard i have 12 services to monitor from 3 servers. i want to list down the services in one dashboard panel and i have to indicate in green if the service is up and running (stats count >1) if the service is down it has to show red color (stats count <1).

Thanks,
Sathish

0 Karma

nickhills
Ultra Champion

Hi - I added this post - If you find it useful, please upvote the answer, or add your own solution if you found another way!

https://answers.splunk.com/answers/606762/how-do-i-monitor-jbosstomcatapacheetc-and-raise-an.html

If my comment helps, please give it a thumbs up!

cmerriman
Super Champion

i think there might be an additional eval that's going to have to be written up. something like: eval subprocess=case(host="Server2" AND match(_raw,"%7771%"),"7771",host="Server2" AND match(_raw,"%7767%"),"7767"..... unless those values are already extracted in a field somewhere. Also, you could use rangemap instead of my eval at the bottom. https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Rangemap

index=os (host=Server1 "-Dpico.name=Process1") OR 
(host=Server2 process_name = "Process2" ( 7771 OR 7767 OR 7768) OR ( process_name = "Process4" (SubProcess5 OR SubProcess6 OR SubProcess7 OR SubProcess8)) OR Process5) OR 
(host=Server3 (process_name = "Process2" ( 7771 OR 7767 OR 7768)) OR ( process_name = "Process3" (SubProcess1 OR SubProcess2 OR SubProcess3 OR SubProcess4)) OR Process5)
|stats count by host process_name subprocess
|eval color=if(count<1,"red","green")

mayurr98
Super Champion

have you already written the query for this? or you want someone to write it ? or you want how to show it in color?
and which splunk version you are using?

0 Karma

sathish2k8
Explorer

Splunk 6.5.3, I wrote queries but separately i want to join and list all the processes in same dashboard panel.

Queries:
index=os host="Server1" "-Dpico.name=Process1" |stats count

index=os host="Server2" process_name = "Process2" "7771" | stats count
index=os host="Server2" process_name = "Process2" "7767" | stats count
index=os host="Server2" process_name = "Process2" "7768" | stats count

index=os host="Server3" process_name = "Process2" "7767" | stats count
index=os host="Server3" process_name = "Process2" "7768" | stats count
index=os host="Server3" process_name = "Process2" "7771" | stats count

index=os host="Server3" process_name = "Process3" "SubProcess1" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess2" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess3" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess4" | stats count

index=os host="Server2" process_name = "Process4" "SubProcess5" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess6" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess7" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess8" | stats count

index=os host="Server3" "Process5" | stats count
index=os host="Server2" "Process5" | stats count

Expected output:
Processes | Status
Process 1 GREEN (If Running)
Process 2 RED (Not Running)
.........................................................
.........................................................

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...