Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
All Apps and Add-ons
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Not getting the store value in pop ups on dots in ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not getting the store value in pop ups on dots in map.
kumar_pashupati
New Member
01-08-2019
02:30 AM
Please tell me how to get the store value in pop ups in the map after hovering. Here in the output , based on the condition, dots display.I want to display store number in pop ups on dots in map. Whenever I change the query, color condition fails.My query is working fine but not showing the store value in pop ups on dots in map.Below is the query.
| inputlookup store_data_api.csv
| rename store_number as store
| eval storeStatus = "1"
| join type=left store
[
| search index="mon_prod" device="pos" ( (process="cpu_metrics") OR (process="mem_metrics") OR (process="top_process_metrics") OR (process="disk_usage_metrics" disk_mount_point="/" ) )
| stats avg(cpu_total) as cpu_avg, latest(process_mem) as process_mem, latest(disk_used) as disk_used, latest(disk_available) as disk_available, latest(memtotal) as memtotal, latest(memfree) as memfree count by deviceid, device, store
| eval disk_percent = ((disk_used/(disk_available+disk_used))*100)
| eval mem_percent = (((memtotal-memfree)/memtotal)*100)
| eval status = case(
((cpu_avg >=95) OR (disk_percent >=90) OR (mem_percent >=98) OR (process_mem >1)),"3000",
((cpu_avg < 95 and cpu_avg >90) OR (disk_percent <90 and disk_percent >=70) OR (mem_percent < 98 and mem_percent >=94 ) OR (process_mem =1)),"2000" ,
((cpu_avg <90 and cpu_avg >= 0) OR (disk_percent < 70) OR (mem_percent < 94 ) OR (process_mem <1)),"1000"
)
| table _time,store,deviceid,device,process,cpu_avg,disk_percent,mem_percent,process_mem,status,disk_mount_point
| stats count by store status
| stats max(status) by store
| rename max(status) as storeStatusPOS
]
| join type=left store
[
| search index="mon_prod" device="boh" store="*" ( (process="cpu_metrics") OR (process="mem_metrics") OR (process="top_process_metrics") OR (process="disk_usage_metrics" (disk_mount_point="/" OR disk_mount_point="/appl" OR disk_mount_point="/var/lib/postgresql/9.3/main")) )
| stats latest(disk_used) as disk_used, latest(disk_available) as disk_available count by deviceid, device, store, disk_mount_point
| eval disk_percent = ((disk_used/(disk_available+disk_used))*100)
|lookup devicememvalues.csv deviceid outputnew mem_percent cpu_avg process_mem
| eval disk_mount_point=if(disk_mount_point="/","root",disk_mount_point)
| eval status1 =
if(disk_mount_point="root", case(((cpu_avg >90) OR ( disk_percent >90) OR (mem_percent >98) OR (process_mem >1)),"3000"),"0")
| eval status2=
if(disk_mount_point="/appl", case(((cpu_avg >90 and cpu_avg >70) OR (disk_percent >88) OR (mem_percent >98) OR (process_mem >1)),"3000") ,"0")
| eval status3=
if(disk_mount_point="/var/lib/postgresql/9.3/main",case(((cpu_avg >90) OR (disk_percent >85) OR (mem_percent >98) OR (process_mem >1)),"3000"),"0")
| eval status4 =
if(disk_mount_point="root", case(((cpu_avg < 90 and cpu_avg >70) OR ( disk_percent >70 and disk_percent <90 ) OR (mem_percent < 98 and mem_percent >94 ) OR (process_mem =1)),"2000"),"0")
| eval status5=
if(disk_mount_point="/appl", case(((cpu_avg < 90 and cpu_avg >70) OR (disk_percent <88 and disk_percent >75) OR (mem_percent < 98 and mem_percent >94 ) OR (process_mem =1)),"2000") ,"0")
| eval status6=
if(disk_mount_point="/var/lib/postgresql/9.3/main",case(((cpu_avg < 90 and cpu_avg >70) OR (disk_percent <85 and disk_percent >70) OR (mem_percent < 98 and mem_percent >94 ) OR (process_mem =1)),"2000"),"0")
| eval status7 =
if(disk_mount_point="root", case(((cpu_avg <70 and cpu_avg >= 0) OR ( disk_percent <70) OR (mem_percent <94 and mem_percent >=0 ) OR (process_mem <1)),"1000"),"0")
| eval status8=
if(disk_mount_point="/appl", case(((cpu_avg <70 and cpu_avg >= 0) OR (disk_percent <75) OR (mem_percent <94 and mem_percent >=0 ) OR (process_mem <1)),"1000") ,"0")
| eval status9=
if(disk_mount_point="/var/lib/postgresql/9.3/main",case(((cpu_avg <70 and cpu_avg >= 0) OR (disk_percent < 70) OR (mem_percent <94 and mem_percent >=0 ) OR (process_mem <1)),"1000"),"0") | fillnull value=1
| eval status=status1." ".status2." ".status3." ".status4." ".status5." ".status6." ".status7." ".status8." ".status9
| rex field=status "(?<status>\d{4})"| stats values(status) as status by deviceid,store
| eval status = case(status="3000","3000",status="2000","2000",status="1000","1000")
| table _time,store,deviceid,device,process,cpu_avg,disk_percent,mem_percent,process_mem,status,disk_mount_point
| stats count by store status
| stats max(status) by store
| rename max(status) as storeStatusBOH
]
| table latitude,longitude,storeStatusPOS,storeStatusBOH,store
| eval phStore= "PH"+ store
| eval PP=store
| eval storeStatus=if(storeStatusPOS>storeStatusBOH,storeStatusPOS,storeStatusBOH)
| fillnull value=1 storeStatus
| geostats latfield=latitude longfield=longitude values(phStore) sum(storeStatus) as Total
| eval redCount = if(Total>= 3000,Total, 0)
| eval yellowCount = if(Total<3000 and Total>=2000,Total, 0)
| eval greenCount = if( Total <2000 and Total>=1000,Total,0)
| eval greyCount = if( Total < 1000,Total,0)
| fields - Total,store
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
shaskell_splunk
Splunk Employee
05-02-2019
09:20 AM
If you want the store to show as a hover (tooltip) then you'll need to |eval tooltip=store and make sure tooltip is in your final | table.
If you want store to show as a popup when you click the marker you'll need to | eval description=store and make sure description is in your final | table.
If you want both, | eval tooltip=store, description=store | table latitude, longitude, tooltip, description
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kumar_pashupati
New Member
01-09-2019
09:08 PM
Any Idea , please help
Get Updates on the Splunk Community!
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
Introducing the 2024 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
