threshold_labels.conf

The following are the spec and example files for threshold_labels.conf.

threshold_labels.conf.spec

# Copyright (C) 2005-2020 Splunk Inc. All Rights Reserved. 
#
# This file contains all possible attribute/value pairs for configuring settings
# for severity-level thresholds. Use this file to configure
# threshold names and color mappings.
#
# To map threshold names and colors, place a threshold_label.conf in 
# $SPLUNK_HOME/etc/apps/itsi/local/. For examples, see threshold_label.conf.example.
#
# To learn more about configuration files (including precedence) see the documentation 
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles
#
# CAUTION: You can drastically affect your Splunk installation by changing any settings in
# this file other than the colors. Consult technical support (http://www.splunk.com/page/submit_issue)
# if you are not sure how to configure this file.

[<name>]

color = <string>
* A valid color code.
* Required.

lightcolor = <string>
* A valid color code to display for Episode Review "prominent mode". 
* When you view Episode Review in prominent mode, the entire row is colored
  rather than just the colored band on the side. 
* Required.

threshold_level = <integer>
* A threshold level that is used to create an ordered list of the labels.
* For example, if you set the 'Normal' threshold level to "1", it appears 
  first when the levels are listed in the UI. 
* Optional.

health_weight = <integer>
* The weight or importance of this status. 
* This value should be between 0 and 1. 
* In general, regular levels like Normal and Critical have a weight of "1", while 
  less important levels like Maintenance and Info have a weight of "0".
* Required.

health_min = <integer>
* The minimum threshold value. 
* This value must be a number between 0 and 100. 0 and 100 are inclusive but 
  the minimum threshold value is exclusive.
* Required.

health_max = <integer>
* Themaximum threshold value.
* This value must be a number between 0 and 100. 0 and 100 are inclusive but 
  the maximum threshold value is exclusive.
* Required.

score_contribution = <integer>
* The number, traditionally from 0 to 100, that this particular level will
  contribute towards health score calculations.
* Required.

threshold_labels.conf.example

# Copyright (C) 2005-2020 Splunk Inc. All Rights Reserved.
# This is an example threshold_labels.conf. Use this file to
# configure settings for severity-level thresholds. 
#
# To use one or more of these configurations, copy the color code
# into threshold_labels.conf in $SPLUNK_HOME/etc/apps/itsi/local.  
# You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see
# the documentation located at
# http://docs.splunk.com/Documentation/ITSI/latest/Configure/ListofITSIconfigurationfiles
#
# This example alert includes showing raw events at selected time buckets, 
# showing raw events from a displayed time range, showing KPI events for 
# a host, and showing all events for a host. 
#
# This file contains examples of brighter severity colors, with "Normal" severity 
# being replaced with "Low" severity. 

[info]
color = #6AB7C7
threshold_level = 1

[low]
color = #65A637
threshold_level = 2

[medium]
color =  #FAC51C
threshold_level = 3

[high]
color = #F7902B
threshold_level = 4

[critical]
color = #D85D3C
threshold_level = 5