Dashboards & Visualizations

one rangemap column for multiple values

michaelrosello
Path Finder

I'm trying to create a single column with a status indicator for three different values from my table, just like the Table Icon Set in the Splunk Dashboard Example App.

Looking at this example of what output I'm trying
I have one column for rangemap with three different values

My data would look like this:

index=_internal 
| stats count by sourcetype,source,host 
| eval count2 = count*1.5 
| eval count3=count*1.6
0 Karma

njohnson7
Path Finder

@niketnilay I use the red cross mark from emojibase in the way you have described above. I tried different versions; my problem is that it is not coming in red colour, it looks like the default colour of other texts in the table.

0 Karma

niketn
Legend

@njohnson7 you can refer to one of the older Splunk Answers posts; you can apply Table Cell color based on an icon like check or cross as green and red respectively.

https://answers.splunk.com/answers/659050/unicode-characters-in-dashboardssearches.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

njohnson7
Path Finder

@niketnilay yeah, of course cell colouring is what I have done for the time being. My question was only for the colour of the check mark and cross mark and the like. For instance, the hearts in your example seem to have colours of their own.

0 Karma

niketn
Legend

@njohnson7 that's the problem with Unicode characters. Only sometimes they can have colors of their own. You can use Simple XML JS extension instead to better control icons within table cells.

However, I tried the following icons and they worked fine for me.

Green Check Mark
Red Cross Mark

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

niketn
Legend

@michaelrosello, while the best approach for you is to try this out using Simple XML JS Extension with Splunk JS Stack, I wanted to document a different approach.

You can use Unicode Characters directly in SPL and display them in a table visualization. The same can be saved as a Simple XML Dashboard. Hence you avoid the JavaScript dependency. However, the line with Unicode characters will be difficult to edit as it is a combination of characters. Also, at present Green Circle and Yellow Circle are not added to Unicode Characters (likely to be added in 2019).

So the following approach uses Heart Icons using Unicode characters:
1. Black Heart
2. Red Heart
3. Yellow Heart
4. Green Heart

Hope you have already looked at other options using:
1. Traffic Light Visualizations
2. Status Indicator Custom Visualization
3. Scalable Vector Graphics

PS: I am unable to post the Simple XML Dashboard Code with Unicode Characters on Splunk Answers, so I am attaching a screenshot. You can pick the Unicode Characters for your SPL from the links provided for the respective characters.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
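
An added example (not part of the original posts or the screenshot): one way to write the Unicode-icon approach described above against the question's sample search, giving a single `range` column with one heart per value. The `example_warn` and `example_crit` thresholds and the colour-to-level mapping are assumptions chosen for illustration.

```spl
index=_internal
| stats count by sourcetype, source, host
| eval count2 = count*1.5
| eval count3 = count*1.6
| fillnull value=0 count count2 count3
| eval example_warn=100, example_crit=1000
| foreach count count2 count3
    [ eval icon_<<FIELD>> = case(
        '<<FIELD>>' >= example_crit, "❤",
        '<<FIELD>>' >= example_warn, "💛",
        '<<FIELD>>' > 0,             "💚",
        true(),                      "🖤") ]
| eval range = icon_count." ".icon_count2." ".icon_count3
| table sourcetype source host count count2 count3 range
```

Whether each heart renders in its own colour depends on the browser and font, as discussed in the replies above.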

niketn
Legend

@michaelrosello please add more details around your requirement with single column with three values.

What is the query behind it? If the icon is not there, what would be their respective values/thresholds? Also, what is the reason for not splitting them into three columns? What would be the column name (in your sample screenshot it is a single value called range)?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

michaelrosello
Path Finder

The reason is I'm trying to make it look like a horizontal traffic light. There would be no null value as we can always use the fillnull function.
I have provided the query; there would be three values with different field names.

0 Karma