Hello, I've been reading some similar posts and solutions here, but I can't get them to work. I'd like to change the colour of the background of a metric based upon the number of items returned by a query, but I'm very new to ELK and the coding. please can you help me get the logic right.
I've followed a previous post answered by Catherine Liu, I think there must be a problem in my logic because I think the data I'm trying to get is text, and I don't know how to get the render to evaluate the returned value as a number? I might be wrong in this assumption.
here is my query, and the one I've tried based upon the post.
show's the correct number.
filters
| essql
query="SELECT \"vulnerability.category\" FROM \"ecs-servicehealth-o365\" WHERE \"event.outcome\"='Activated' AND \"event.category\"='Alerts' AND \"event.dataset\"='office365.servicehealth' AND \"service.state\"='ServiceDegradation' AND \"vulnerability.category\" IS NOT NULL"
| math "size(vulnerability.category)"
| metric "vulnerabilities detected"
metricFont={font size=48 family="'Open Sans', Helvetica, Arial, sans-serif" color="#000000" align="center" lHeight=48}
labelFont={font size=14 family="'Open Sans', Helvetica, Arial, sans-serif" color="#000000" align="center"} metricFormat="0,0.[000]"
| render containerStyle={containerStyle}
tried this solution
filters
| essql
query="SELECT \"vulnerability.category\" FROM \"ecs-servicehealth-o365\" WHERE \"event.outcome\"='Activated' AND \"event.category\"='Alerts' AND \"event.dataset\"='office365.servicehealth' AND \"service.state\"='ServiceDegradation' AND \"vulnerability.category\" IS NOT NULL"
| math "size(vulnerability.category)"
| metric "vulnerabilities detected"
metricFont={font size=48 family="'Open Sans', Helvetica, Arial, sans-serif" color="#000000" align="center" lHeight=48}
labelFont={font size=14 family="'Open Sans', Helvetica, Arial, sans-serif" color="#000000" align="center"} metricFormat="0,0.[000]"
| render containerStyle={
containerStyle backgroundColor={
filters | essql query="SELECT \"vulnerability.category\" FROM \"ecs-servicehealth-o365\" WHERE \"event.outcome\"='Activated' AND \"event.category\"='Alerts' AND \"event.dataset\"='office365.servicehealth' AND \"service.state\"='ServiceDegradation' AND \"vulnerability.category\" IS NOT NULL" | if {gt 50} then="red" else="green"
}
}
advice and guidance welcome
Many thanks
Ian