Splunk Search

How to Edit my search Query to Show images in the Dashboard panel?

kiran331
Builder

Hello

How to add the images in Splunk Dashboard panel, I have to show a 'Tick' mark when I see logs from a Index and 'X' mark if i'm not receiving logs n last 24 hours

like

cisco_asa cisco_wsa wineventlog
X X X

Query I'm using :
(index=cisco_asa OR index=lenel OR (index=wineventlog) OR index=rsa OR index=lenel OR index=cisco_wsa OR index=cisco_esa OR index=mcafee OR index=esteamer )|dedup index|eval status="Logs Reveived"

Tags (2)
0 Karma
1 Solution

somesoni2
Revered Legend

For the visualization part, download Splunk 6.x Dashboard example app from Splunk base. You need to specifically look for 'Table Icon Set (Range map)' example under 'Table Elements'. This will require setting up some java script and css file.

You can use below search with above example dashboard to show an icon based on logs receive timestamp on the index (and faster too).

| tstats max(_time) as lastSeen WHERE (index=cisco_asa OR index=lenel OR (index=wineventlog) OR index=rsa OR index=lenel OR index=cisco_wsa OR index=cisco_esa OR index=mcafee OR index=esteamer ) earliest=-3d@d by index | eval range=if(now()-lastSeen>86400,"severe","low") | table index range

View solution in original post

0 Karma

somesoni2
Revered Legend

For the visualization part, download Splunk 6.x Dashboard example app from Splunk base. You need to specifically look for 'Table Icon Set (Range map)' example under 'Table Elements'. This will require setting up some java script and css file.

You can use below search with above example dashboard to show an icon based on logs receive timestamp on the index (and faster too).

| tstats max(_time) as lastSeen WHERE (index=cisco_asa OR index=lenel OR (index=wineventlog) OR index=rsa OR index=lenel OR index=cisco_wsa OR index=cisco_esa OR index=mcafee OR index=esteamer ) earliest=-3d@d by index | eval range=if(now()-lastSeen>86400,"severe","low") | table index range
0 Karma

kiran331
Builder

Thank you. Is there a way to export it to PDF with icons in it, When I try to export the PDF its missing the icons and showing as low.

0 Karma

somesoni2
Revered Legend

AFAIK, there is no way for that. The PDF engine doesn't respect lot of table formatting, including this one.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...