Sample Splunk Query
index="lamaxu" sourcetype="qmstatus_json" "identifier.dataType"=CHANNEL_STATUS "identifier.dataSource"=
...
DEMO"attributes.CHANNEL"=
...
TEST|rename attributes.STATUS as chlstatus|eval status = case(like(chlstatus,"RUNNING"), 0,like(chlstatus,"INACTIVE"), 1, like(chlstatus,"STOPPED"), 1, like(chlstatus,"RETRY"), 2)|table status | rangemap field=status low=0-0 elevated=1-1 severe=2-2 default=severe | eval status=case(status== 0, "
...
TEST.CHANNEL", status== 1, "
...
TEST.CHANNEL", status== 2, "
...
TEST.CHANNEL"
Dashboard
