https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331720#M162549 <P>Hi Unfortunately I think that would only be possible with jQuery. If your Splunk query ensures all series are always present (i.e. 0 instead of null) and also they are always in the same sequence, then you can use CSS Selector as well as the series number of your results will remain the same.</P> Sat, 10 Mar 2018 17:04:19 GMT niketn 2018-03-10T17:04:19Z https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331716#M162545 <P>Hi Splunkers,</P> <P>I have the below query </P> <P>( (index=xxx sourcetype=xxx severity=xxx intelId=xxx ) ) | eval intelId = case(match(intelId ,"xxx"),"Test1",match(intelId ,"XX"),"Test2") | eval intelId = severity+":"+intelId | timechart usenull=f span=1d count by intelId </P> <P>So this query gives me the information in a chart with serverity+ the field name, for example for INFO it will INFO: Test1.</P> <P>I was trying to give colors to the column chart with the following condition </P> <P>"{"ERROR:<EM>":0xcc0000,"FATAL:</EM>":0xff9900,"INFO:<EM>":0x339933,"DEBUG:</EM>":0x6699ff}"</P> <P>My goal is to achieve color based on the severity - But the above option doesn't seem to work.</P> <P>Any inputs on this are much appreciated.</P> <P>Thanks | RD</P> Tue, 06 Mar 2018 10:50:54 GMT https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331716#M162545 ravidudala 2018-03-06T10:50:54Z https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331717#M162546 <P>try this:</P> <PRE><CODE>&lt;option name="charting.fieldColors"&gt; {"ERROR": 0xFF0000, "FATAL": 0xFF9900 ,"INFO": 0xFF9900, "DEBUG":0x0066FF} &lt;/option&gt; </CODE></PRE> <P>Reference: <A href="https://docs.splunk.com/Documentation/Splunk/7.0.2/Viz/ChartConfigurationReference">https://docs.splunk.com/Documentation/Splunk/7.0.2/Viz/ChartConfigurationReference</A></P> Tue, 06 Mar 2018 14:11:44 GMT https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331717#M162546 493669 2018-03-06T14:11:44Z https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331718#M162547 <P>@ravidudala, Based on your query seems like you have Two series Test1 and Test2 and four SLAs i.e. ERROR FATAL INFO and DEBUG. You can define 8 field colors in this case:</P> <PRE><CODE> &lt;option name="charting.fieldColors"&gt;{"ERROR:Test1": 0xFF0000, "FATAL:Test1": 0xFF9900 ,"INFO:Test1": 0xFF9900, "DEBUG:Test1":0x0066FF,"ERROR:Test2": 0xFF0000, "FATAL:Test2": 0xFF9900 ,"INFO:Test2": 0xFF9900, "DEBUG:Test2":0x0066FF}&lt;/option&gt; </CODE></PRE> <P>The <CODE>charting.fieldColors</CODE> option looks for complete field name as it is and does not support wildcard characters like asterisk <CODE>*</CODE></P> Tue, 06 Mar 2018 14:57:43 GMT https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331718#M162547 niketn 2018-03-06T14:57:43Z https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331719#M162548 <P>Hi nike,</P> <P>I have tried that - It worked for static fields, But it didn't work for Dynamic fields.<BR /> Any Suggestions for dynamics fields.</P> <P>Thanks<BR /> RD</P> Thu, 08 Mar 2018 09:34:29 GMT https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331719#M162548 ravidudala 2018-03-08T09:34:29Z https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331720#M162549 <P>Hi Unfortunately I think that would only be possible with jQuery. If your Splunk query ensures all series are always present (i.e. 0 instead of null) and also they are always in the same sequence, then you can use CSS Selector as well as the series number of your results will remain the same.</P> Sat, 10 Mar 2018 17:04:19 GMT https://community.splunk.com/t5/Splunk-Search/Assign-colour-s-based-on-the-field-value/m-p/331720#M162549 niketn 2018-03-10T17:04:19Z