rangemap
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
rangemap
Synopsis
Sets range field to the name of the ranges that match.
Syntax
rangemap field=<string> (<attrn>=<num>-<num>)+ [default=<string>]
Arguments
- attrn
- Syntax: <string>
- Description: The name or attribute for the specified numerical range.
- default
- Datatype: default=<string>
- Description: If no range is matched, this defines a default value.
- field
- Syntax: field=<string>
- Description: The name of field.
Description
Sets range field to the names of any attrn that the value of field is within. If no range is matched the range is set to the default values.
Examples
Example 1: Set range to "green" if the date_second is between 1-30; "blue", if between 31-39; "red", if between 40-59; and "gray", if no range matches (for example, if date_second=0).
... | rangemap field=date_second green=1-30 blue=31-39 red=40-59 default=grayExample 2: Sets the value of each event's range field to "low" if its count field is 0 (zero); "elevated", if between 1-100; "severe", otherwise.
... | rangemap field=count low=0-0 elevated=1-100 default=severeNote: Certain GUI modules can be configured to use rangemap values; for example, Splunk ships with CSS that defines colors for low, elevated, and severe. You can customize the CSS for these values.
This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.