Hi All,
I want to have search results (Alert Level column) with colors, so the Alert Level result should show Critical as RED, Warning as AMBER, and Normal as GREEN. How do I create a dashboard result value with colors? Below is my search. Please help.
index=myindex sourcetype="mysource" msg=Failure* | eval Date=strftime(_time, "%Y/%m/%d") | stats count as fails by user, msg, Date, shost | eval "Alert Level"=case(fails>=10, "Critical", fails>=5 AND fails<10, "Warning", fails<5, "Normal") | table Date, msg, user, shost, fails, "Alert Level" | sort - fails | rename fails as "Failed Logon Attempts" | sort - count | rename user as "Account in Question", msg as "Message", shost as HostName
Thanks in advance!