Solved: In a visualization that returns successful job sta...

Akumar294 · ‎10-01-2018

Hello Folks,

I have a search query which collects the count of successful status of jobs. Success will always equal "one" since i have used transaction command. If the count is "one" , it will fill the box with the color green. If the count is 0, it will fill the box with the color red.

I have had no problem until this recent time. Also i have used <option name="unit">teeChat</option> to fill the box with string of my choice.

The problem is, the search is appending the count of the value next to "teechat". For e.g. , if it is a success, my visualization is coming as teechat1(of course filled with green color), but i just want "teechat and not the value.

<dashboard>
  <label>Job_Status_Dashboard</label>
  <row>
    <panel>
      <single>
        <search>
          <query>index="xcenter" sourcetype="agent" PMS_01_unzip_rename|rex field=_raw "\.(?<Job_Number>\d\d\d\d\d\d\d)\."| transaction Job_Number|search teechat|search "Completed Message Sent"|stats count</query>
          <earliest>0</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorBy">value</option>
        <option name="colorMode">block</option>
        <option name="drilldown">all</option>
        <option name="height">75</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0x00cc00","0x6db7c6"]</option>
        <option name="rangeValues">[0,5]</option>
        <option name="refresh.display">progressbar</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">0</option>
        <option name="trendColorInterpretation">inverse</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="trendInterval">-1h</option>
        <option name="underLabel">PMS_01_UNZIP_RENAME</option>
        <option name="unit">teeChat</option>
        <option name="unitPosition">before</option>
        <option name="useColors">1</option>
        <option name="useThousandSeparators">0</option>
      </single>
    </panel>
  </row>
</dashboard>

nswondem · ‎10-05-2018

The following lines tell Splunk that you would like to use teechat as the unit and to place the unit before the value:

<option name="unit">teeChat</option>
<option name="unitPosition">before</option>

So it appears that Splunk is doing as asked. You might want to consider using an if statement to set count to "teechat" if count is 1. That way the only value being passed to the visualization is teechat.

| eval count=if(count=1, "teechat","something else") | table count

View solution in original post

nswondem · ‎10-05-2018

The following lines tell Splunk that you would like to use teechat as the unit and to place the unit before the value:

<option name="unit">teeChat</option>
<option name="unitPosition">before</option>

So it appears that Splunk is doing as asked. You might want to consider using an if statement to set count to "teechat" if count is 1. That way the only value being passed to the visualization is teechat.

| eval count=if(count=1, "teechat","something else") | table count

woodcock · ‎10-11-2018

I concur. Furthermore, I do not understand at all what you are trying to change. You have explained what you are doing reasonably well, but not specifying clearly exactly how it needs to change.

Akumar294 · ‎10-01-2018

@niketnilay
@woodcock

mstjohn_splunk · ‎10-12-2018

hi @akumar294,

Did the answer below solve your problem? If so, please resolve this post by approving it! If your problem is still not solved, keep us updated so that someone else can help ya. Thanks for posting!

In a visualization that returns successful job statues, can you help me with an issue I'm having with single value coloring?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life