Splunk Practice Exercise 6: Query Results Visualization using Marker Gauge Colors

Introduction

This practice exercise focuses on creating a visualization that uses a Marker Gauge with color indicators. It uses a Splunk query that outputs a single percentage value, which is the kind of result the Marker Gauge expects.

Step 1: Access Splunk Web

  1. Open your web browser and navigate to Splunk Web:

    http://<your server ip>:8000

  2. Log in using your credentials.

Step 2: Navigate to Search & Reporting App

  1. In the Splunk Web interface, go to the Search & Reporting app.

Step 3: Construct the Search Query

  1. In the search bar, enter the following search query, which produces a result suitable for the visualization:

Query:

index=tutorial status=* 
    | stats count(eval(like(status, "5%"))) as server_error, count as request_total
    | eval SLA = ((request_total - server_error) / request_total) * 100
    | fields SLA

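This query calculates the percentage of successful requests: it counts the requests whose status begins with 5 (the 5xx server errors), subtracts that count from the total number of requests, and expresses the remainder as a percentage of the total.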

Step 4: Create the Visualization

  1. Go to the Visualization tab to view the results in a visual manner.

  2. Change the visualization to Marker Gauge.

  3. Go to Format Visualization and apply the following changes:

    • Under General, you can use Minimal or Shiny
    • Under Color Ranges, apply the following changes:
      • Range from 85 to 90 for Red
      • Range from 90 to 95 for Yellow
      • Range from 95 to 100 for Green
  4. Output should look like the screenshot below:

Visualization
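
To check the query and the Step 4 color ranges without the tutorial index, this added example (not part of the original exercise) runs the same stats and eval over constructed events from makeresults. The generated status values, the n counter, the band and sample fields, and the choice to treat each range's lower bound as inclusive are assumptions made for illustration.

```spl
| makeresults count=200
| streamstats count as n
| eval status = if(n % 25 == 0, "503", "200")
| stats count(eval(like(status, "5%"))) as server_error, count as request_total
| eval SLA = ((request_total - server_error) / request_total) * 100
| eval band = case(SLA >= 95, "Green", SLA >= 90, "Yellow", SLA >= 85, "Red", true(), "below gauge minimum (85)")
| eval sample = "constructed data: every 25th of 200 requests is a 503"
| table SLA band server_error request_total sample
```

Changing the divisor in the n % 25 test moves the result into the other ranges, including values below 85 that fall outside the gauge.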

Conclusion

Congratulations! You have successfully completed the practice exercise by creating a visualization that displays successful requests as a percentage of total requests, and by customizing its properties using the Marker Gauge. Continue to explore and experiment with different visualization types and customization options to enhance your Splunk skills.