Dashboards & Visualizations

How to use a Token to set a value in a heatmap?

jh007
New Member

I have a scenario where I have multiple Splunk severs where I want to use heatmaps, but need to adjust the heatmap ranges based on the size of the system. My hope is to perform a query to assess the system's size, create a percentage based token value, then set that value underneath the heapmap ranges for my other queries on my dashboard (e.g. if over 100 systems, set green range to < 1%, yellow > 1%, red > 5%).

Is this possible and how would I go about doing it?

0 Karma

albinortiz
Engager

@niketnilay, @jh007 - In summary, 90-100% = GREEN, 70 - 89% YELLOW, 0 - 69% RED

0 Karma

niketn
Legend

@jh007, which visualization are you using? Is this Calendar Heatmap or something else (custom)? What are you measuring when you say <1% green etc? Is this for Systems that are down?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

jh007
New Member

I am using a standard dashboard button with a count for the total number of events for each query I run. My plan would be to run an assessment of the total number of systems in comparison to the number of down hosts or number of events (within one query) to then produce the percentage based heat map. I see trying to create a case/eval statement within each query to ensure I produce a percentage range response that is "right sized" to each on of my systems.

Hopefully that makes sense? Further, if there is a better way to approach this with or without tokens I am all ears.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...