Splunk
1.dasboard---修改颜色
打开dashboard页面,edit,源码模式修改xml内容,在需要修改的图表中,增加以下内容,例如:
<option name="charting.fieldColors">{"status1":"#FF0000", "status2":"#00FF00", "status3":"#0000FF"}</option>
2.dashboard---drilldown
drilldown可以实现点击跳转,edit,图表右上角有Edit Drilldown功能,分别有Link to search,link to dashboard,link to report,link to custom URL,以及manage tokens on this dashboard功能;选择其一后,可自定义内容
3.流命令streamstats
```python
index="idx_md_mita_web" messageType="keep_alive"
| where Device_Alias = "USA_NewJersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0184" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_TMO_NR_Caymus_C0092" or
Device_Alias = "USA_NewJersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0654" or
Device_Alias = "USA_NewJersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0910" or
Device_Alias = "USA_NewJersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0940" or
Device_Alias = "USA_NewJersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0957" or
Device_Alias = "USA_NewJersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B1259" or
Device_Alias = "USA_NewJersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B1260" or
Device_Alias = "USA_NewJersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B2951" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B2951" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0654" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0957" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup2Ext_TMO_LTE_Caymus_B1112" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0184" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B1260" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup4Ext_TMO_LTE_Caymus_B1555" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0910" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup3Ext_TMO_LTE_Caymus_B1419" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup2Ext_TMO_LTE_Caymus_B1432" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B1259" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup3Ext_TMO_LTE_Caymus_B1601" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B0940" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup4Ext_ATT_LTE_Caymus_B1790" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup2Ext_ATT_LTE_Caymus_B0630" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup2Ext_ATT_LTE_Caymus_B1644" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup3Ext_ATT_LTE_Caymus_B1628" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup3Ext_ATT_LTE_Caymus_B1567" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B1437" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B0425" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B1605" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B0444" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B0394" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B0975" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B0185" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B0185" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B0337" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B0418" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_TMO_LTE_Caymus_B1714" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B0575" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B2827" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B1352" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B1066" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup3Ext_VZW_LTE_Caymus_B2962" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup3Ext_VZW_LTE_Caymus_B1008" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup2Ext_VZW_LTE_Caymus_B0742" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup2Ext_VZW_LTE_Caymus_B0918" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup4Ext_VZW_LTE_Caymus_B1818" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B0704" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B1411" or
Device_Alias = "USA_New Jersey_Stability(Live)_Setup1Ext_VZW_LTE_Caymus_B1608" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_VZW_LTE_Caymus_B0125" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_C0644" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_TMO_NR_Caymus_C2572" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_TMO_NR_Caymus_C2579" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_ATT_LTE_Caymus_B0296" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_ATT_LTE_Caymus_C0158" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_ATT_LTE_Caymus_B0347" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_ATT_LTE_Caymus_C2475" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_ATT_LTE_Caymus_C1556" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_ATT_LTE_Caymus_C0099" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_ATT_LTE_Caymus_C0028" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_ATT_LTE_Caymus_C0058" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_ATT_LTE_Caymus_B0254" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_TMO_NR_Caymus_C1722" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1ext_TMO_NR_Caymus_B0125" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_TMO_NR_Caymus_B0329" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_TMO_NR_Caymus_C1077" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_TMO_NR_Caymus_C1730" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_TMO_NR_Caymus_B0239" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_TMO_NR_Caymus_B0283" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_TMO_NR_Caymus_C2791" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_TMO_NR_Caymus_C2966" or
Device_Alias = "USA_San Diego_Stability(Live)_Setup1Ext_TMO_NR_Caymus_C2983" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Ext_JIO_LTE_Caymus_B0205" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Ext_JIO_LTE_Caymus_B0389" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Ext_JIO_LTE_Caymus_B0471" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Int_JIO_LTE_Caymus_B0056" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Int_JIO_LTE_Caymus_B0463" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Int_JIO_LTE_Caymus_B0777" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Int_JIO_LTE_Caymus_B0827" or
Device_Alias = "India_Noida_Stability(Live)_Setup2Ext_JIO_LTE_Caymus_B0750" or
Device_Alias = "India_Noida_Stability(Live)_Setup2Ext_JIO_LTE_Caymus_B0754" or
Device_Alias = "India_Noida_Stability(Live)_Setup3Ext_JIO_LTE_Caymus_B0829" or
Device_Alias = "India_Noida_Stability(Live)_Setup3Ext_JIO_LTE_Caymus_B1034" or
Device_Alias = "India_Noida_Stability(Live)_Setup4Ext_JIO_LTE_Caymus_B0509" or
Device_Alias = "India_Noida_Stability(Live)_Setup4Ext_JIO_LTE_Caymus_B1116" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Ext_JIO_LTE_Caymus_B0047" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Ext_JIO_LTE_Caymus_B0191" or
Device_Alias = "India_Noida_Stability(Live)_Setup1Int_JIO_NR_Debug_Caymus_B0057" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CMCC_NR_Caymus_C0668_MSV27" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CMCC_NR_Caymus_C0952_MSV27" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C0486" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C1837" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C2642" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C2756" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C2826" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup2Int_CU_LTE_Caymus_C1416" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup2Int_CU_LTE_Caymus_C2838" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup3Int_CU_LTE_Caymus_C1219" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup3Int_CU_LTE_Caymus_C3059" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup4Int_CU_LTE_Caymus_C1258" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup2Int_CU_LTE_Caymus_C1800" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C2609" or
Device_Alias = "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C1646" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C0100" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C1029" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C0585" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C0100_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C0486_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C0585_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C1029_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C1646_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C1837_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C2609_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C2642_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C2756_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_Caymus_C2826_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup2Int_CU_LTE_Caymus_C1800_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup2Int_CU_LTE_Caymus_C2838_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup3Int_CU_LTE_Caymus_C1219_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup3Int_CU_LTE_Caymus_C3059_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup4Int_CU_LTE_Caymus_C1258_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_LTE_REF_Chandon_Minus_F0710_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_D0854_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_D0864_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C1885_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C1885_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C2166_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C0636_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C2654_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C1415_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C3065_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C1584_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C0623_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C0170_MSV27" or
Device_Alias == "China_Shanghai_Stability(Live)_Setup1Int_CU_NR_Caymus_C2232_MSV27" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CMCC_LTE_Caymus_C0704" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CMCC_LTE_Caymus_C1192" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CMCC_LTE_Caymus_C2538" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CMCC_LTE_Caymus_C2805" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CT_LTE_Caymus_C1053" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CT_LTE_Caymus_C1559" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CT_LTE_Caymus_C2032" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CT_LTE_Caymus_C2288" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CT_LTE_Caymus_C2490" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup2Int_CMCC_LTE_Caymus_C0957" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup2Int_CMCC_LTE_Caymus_C1476" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup2Int_CT_LTE_Caymus_C0895" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup2Int_CT_LTE_Caymus_C2998" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup3Int_CMCC_LTE_Caymus_C1095" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup4Int_CMCC_LTE_Caymus_C0113" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup4Int_CT_LTE_Caymus_C0853" or
Device_Alias = "China_Shenzhen_Stability(Live)_etup3Int_CT_LTE_Caymus_C2533" or
Device_Alias = "China_Shenzhen_Stability(Live)_etup3Int_CT_LTE_Caymus_C3031" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup1Int_CMCC_LTE_Caymus_C1201" or
Device_Alias = "China_Shenzhen_Stability(Live)_Setup3Int_CMCC_LTE_Caymus_C2043"
| table AP_Version MD_Version Device_Alias UE_Status UE_Status_Event timestamp
| where (Device_Alias like"%%")
| fillnull UE_Status UE_Status_Event value="NAN"
| where (UE_Status != "NAN" and UE_Status != "") and (UE_Status_Event != "NAN" and UE_Status_Event != "")
| sort 0 Device_Alias - timestamp
| streamstats count as UE_Status_index by Device_Alias UE_Status
| streamstats count as UE_Status_Event_index by Device_Alias UE_Status_Event
| eval UE_Status = if(UE_Status_index>1, null(), UE_Status), UE_Status_Event = if(UE_Status_Event_index>1, null(), UE_Status_Event)
| eval UE_Status_index = if(UE_Status_index>1, 0, UE_Status_index), UE_Status_Event_index = if(UE_Status_Event_index>1, 0, UE_Status_Event_index)
| streamstats sum(UE_Status_index) as UE_Status_Rank, sum(UE_Status_Event_index) as UE_Status_Event_Rank by Device_Alias
| eval UE_Status = if(UE_Status_Rank>1, null(), UE_Status_Rank."|".UE_Status."|".timestamp), UE_Status_Event = if(UE_Status_Event_Rank>3, null(), UE_Status_Event_Rank."|".UE_Status_Event."|".timestamp)
| stats values(UE_Status) as Top1_UE_Status, values(UE_Status_Event) as Top3_UE_Status_Event by Device_Alias
| eval UE_Status_timestamp = mvindex(split(Top1_UE_Status, "|"), 2), Top1_UE_Status = mvindex(split(Top1_UE_Status, "|"), 1), UE_Status_Event_timestamp = mvmap(Top3_UE_Status_Event, mvindex(split(Top3_UE_Status_Event, "|"), 2)), Top3_UE_Status_Event = mvmap(Top3_UE_Status_Event, mvindex(split(Top3_UE_Status_Event, "|"), 1))
| table Device_Alias Top1_UE_Status UE_Status_timestamp Top3_UE_Status_Event UE_Status_Event_timestamp
| eval Online/Offline = if(UE_Status = "null", Offline,Online)
代码目的:按照类别显示某一时间内的top3UE_Status_Event
从|sort 0 Device_Alias -timestamp到后面7行内容步骤讲解:
按照UE升序,时间降序
按照ue给ue_status 排个序
按照ue给ue_status_event排个序
ue_status只取第一行,也就是最新的
ue_status_event只取第一行,也就是最新的
ue_status_index只取第一行,其他忽略
给ue_status_index排名,给ue_status_event_index排名
将ue_status的排名,ue_status和对应的时间戳放到一起,只取前一
将ue_status_event的排名,ue_status_event和时间戳对应合并,只取前三
4.xy轴指定
|xyseries x y value_field
# converts results into a format suitable for graphing
# 参数:横坐标,纵坐标,作为值的字段名
5. coalesce的用法
| eval Case_Name = coalesce(Case_Name, Case Name)
# 取两个字段的非空值
6. accum计算累计值
...| stats sum(valid) as valid_CR, count as Total_CR by year_month
| sort 0 year_month
| accum Total_CR as cumulative_total_CR
| table year_month,valid_CR,cumulative_total_CR
