Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SingleValue always displays N/A if count==0

srubik
New Member
‎12-13-2012 07:41 AM

I'm trying to create a dashboard that shows the status of a few applications running on a server. I'm using the Linux for Splunk app and I'm running ps and top every minute or two. The search works fine, and I use count to see if the process is running. When I try to display it, it correctly shows "Yes" if count>0, but it shows "N/A" if count==0 instead of "No". I found a similar question here, but it was never answered. I also tried using fillnull as outlined here so that there is always a search result, but that doesn't seem to work either. I still get "N/A" when there are no results (but it still works and displays "Yes" if count>0). Is there any way to get SingleValue to display something other than "N/A" if there are no results? I'm relatively new to Splunk, so any help is appreciated. Thanks!

Here is my current code:

<view template="dashboard.html">




index="os" host="myserver"

-3m


search "MyApp1" | fillnull watch value="no_watch_value" | stats count by watch |
stats max(count) as lista | fillnull lista value="0" | eval count=if(watch=="no_watch_value",0,count) |
eval isrunning=if(count==0,"No","Yes") | rangemap field=lista low=0-4 default=severe


isrunning
MyApp1 Status
range
 <!-- SingleValue -->
 <!-- HiddenPostProcess -->

Tags (1)
0 Karma
Reply

jonuwz
Influencer
‎12-13-2012 09:21 AM

This :

... | stats count

will return 0 if there's no results

this :

... | stats count by watch

will return nothing if there's no results, because there's no 'watch' to split over, you dont get 0, so the rangemap doesnt have a value.

So you need to add a dummy line with lista=0 when appropriate.

... | stats max(count) as lista 
    | appendpipe [ stats count | eval lista=if(count==0,0,NULL) | fields - count ] | ...

etc etc. You could move the check forward in the search too, but this is the easiest way to explain it

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...