I am trying to make my search have 3 different background colors: Green if healthy, Yellow if warning, Red if critical. Right now all the code displays is the correct information without any colors. I took the query part out cause it was long and irrelevant
index="query"
| eval Level=if(Alert_Type="Critical",2,if(Alert_Type="Warning",1,0))
| eval key=Description.ID
| stats dc(key) AS num max(Level) AS Level
| eval count=if(Level=1,"Alert Level: Warning - Total Alerts: ".num,if(Level=2,"Alert Level: Critical - Total Alerts: ".num,"Alert Level: Healthy - Total Alerts: 0"))
| eval Level=if(isnotnull(Level),Level,0)
| eval myClassField=case(Level=2,"red",Level=1,"yellow",Level=0,"green")
| table count Level myClassField
| rename count AS "Health Summary"
Thanks for the help!
↧