server status on dashboard

sphiwee · ‎09-02-2020

Good day everyone

How can I visualize and edit this query to show the status of our servers, ONLINE/OFFLINE ?

gcusello · ‎09-02-2020

you can see in Dashboard Examples (https://splunkbase.splunk.com/app/1603/) in the "Table Icon Set (Rangemap)" dashboard how to display status using an icon instead a value.

In few words, you have to add to your app a css and a js (that you can find in Dashboard Examples) called by the dashboard

<form script="table_icons_rangemap.js" stylesheet="table_decorations.css">

then you have to assign an id at your table:

 <table id="table1">

At the end, you have to add to your search the rangemap command, something like this:

index=intau_workfusion host=*
| stats dc(ClusStatus) AS statuses BY host
| rangemap field=statuses severe=0-1 low=2-1000000000 default=severe
| table host range

In this way if statuses=0 or 1 you have a red icon and statuses>1 you have a green icon.

if you want to change the name of the range column, you have to modify also the table_icons_rangemap.js file.

Remember to restart Splunk after you added css and js to the app and reload the page at every change in the dashboard otherwise you don't see the icons.

Ciao.

Giuseppe

server status on dashboard

chart

count

eval

lookup

metadata

stats

tstats

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!