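In my application, I am trying to display the logs from my loggers.
My source structure is:
Application
- the application name
Interface
- the logger name
Level
- the log level
My search query: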
index="log_index" sourcetype=log_source
| eval logger = Application + ":" + Interface + " - " + Level
| eval error= if(Level == "Error", 1, 0)
| eval warn= if(Level == "Warn", 1, 0)
| eval info= if(Level == "Info", 1, 0)
| eval fatal= if(Level == "Fatal", 1, 0)
| search fatal=1 OR error=1 OR warn=1 OR info=0
| stats count(Level) by logger sort by count(Level) desc
I set the options to:
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.text">title</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bar</option>
<option name="charting.chart.bubbleMaximumSize">500</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">minmax</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">1</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.chart">column</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.fieldColors">{"error":0xFF0000,"warn":0xFFFF00, "info":0x73A550, "fatal": 0x000000}</option>
<option name="charting.seriesColors">[0xFF0000,0xFFFF00,0x00FF00, 0x000000]</option>
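My goal: I want to match the bar colour to the level for each logger (application plus interface plus level). So bars with level Fatal should be red, Error black, and so on.
I hope one of you knows how to configure this tool.
Answer 0 (score: 0)
Complicated solution: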
splunk answer
by somesoni2 from splunk answer
Copied content:
index="log_index" sourcetype=log_source
Level="Error" OR Level="Warn" OR Level="Info" OR Level="Fatal"
| eval logger = Application + ":" + Interface
| chart count over logger by Level
| addtotals
| sort -Total
| fields - Total
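
An added example, not part of the question or the answer: a Python model of the table the answer's query returns, showing that each Level becomes its own series that charting.fieldColors can key on. The sample events and function names are constructed for illustration, and exact, case-sensitive matching of fieldColors keys to series names is an assumption.

```python
from collections import Counter, defaultdict

# Constructed sample events using the question's field names.
EVENTS = [
    {"Application": "Billing", "Interface": "PaymentLogger", "Level": "Error"},
    {"Application": "Billing", "Interface": "PaymentLogger", "Level": "Error"},
    {"Application": "Billing", "Interface": "PaymentLogger", "Level": "Warn"},
    {"Application": "Billing", "Interface": "PaymentLogger", "Level": "Info"},
    {"Application": "Auth", "Interface": "LoginLogger", "Level": "Fatal"},
    {"Application": "Auth", "Interface": "LoginLogger", "Level": "Error"},
    {"Application": "Auth", "Interface": "LoginLogger", "Level": "Debug"},
]
LEVELS = ("Error", "Warn", "Info", "Fatal")  # column order fixed here for clarity

# Colour maps: the question's lowercase keys, and the same values keyed by Level value.
QUESTION_COLORS = {"error": 0xFF0000, "warn": 0xFFFF00, "info": 0x73A550, "fatal": 0x000000}
LEVEL_COLORS = {"Error": 0xFF0000, "Warn": 0xFFFF00, "Info": 0x73A550, "Fatal": 0x000000}


def stats_by_logger(events):
    """Model of the question's query: Level is part of 'logger', so there is one count series."""
    counts = Counter(
        e["Application"] + ":" + e["Interface"] + " - " + e["Level"] for e in events
    )
    return [{"logger": k, "count(Level)": v} for k, v in counts.most_common()]


def chart_by_level(events):
    """Model of the answer: chart count over logger by Level | addtotals | sort -Total | fields - Total."""
    table = defaultdict(Counter)
    for e in events:
        if e["Level"] in LEVELS:  # the Level="Error" OR ... filter
            table[e["Application"] + ":" + e["Interface"]][e["Level"]] += 1
    ordered = sorted(table.items(), key=lambda kv: -sum(kv[1].values()))
    return [{"logger": lg, **{lv: c[lv] for lv in LEVELS}} for lg, c in ordered]


def series_names(rows):
    """Every column except the x-axis field is a chart series."""
    return [k for k in rows[0] if k != "logger"]


def unmatched_series(rows, field_colors):
    """Series with no fieldColors entry (assumes exact, case-sensitive key match)."""
    return [s for s in series_names(rows) if s not in field_colors]


if __name__ == "__main__":
    print(series_names(stats_by_logger(EVENTS)))   # single series, no per-level colour
    print(unmatched_series(chart_by_level(EVENTS), QUESTION_COLORS))
    print(unmatched_series(chart_by_level(EVENTS), LEVEL_COLORS))
```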