All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Change timeline resource category color

doronca
Explorer
‎07-14-2019 09:04 AM

Hi Splunkers,

Is it possible to choose the color of categories in a timeline? I would like to map color to category

Thanks,
Doron

Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎07-15-2019 04:15 AM

@doronca for timeline custom visualization series color change, you will have to CSS override.
Refer to my older answer on similar use case: https://answers.splunk.com/answers/552658/pick-colours-for-certain-value.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

niketn
Legend
‎07-15-2019 04:15 AM

@doronca for timeline custom visualization series color change, you will have to CSS override.
Refer to my older answer on similar use case: https://answers.splunk.com/answers/552658/pick-colours-for-certain-value.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

doronca
Explorer
‎07-16-2019 01:13 AM

Thanks for the answer.

0 Karma
Reply
Solved! Jump to solution

venkasplunk
New Member
‎07-15-2019 02:32 AM

Hi,

Got u.

Try this. If ok pls accept my answer.

option name="charting.fieldColors"
{"informational":#5378AD,"low":#98BF3B,"medium":#F0BE1B,"high":#FF8800,"critical":#D25B3B}
/option

Ignoring the <> before option, because its not working, please check.

0 Karma
Reply
Solved! Jump to solution

venkasplunk
New Member
‎07-15-2019 02:35 AM

{"informational":#5378AD,"low":#98BF3B,"medium":#F0BE1B,"high":#FF8800,"critical":#D25B3B}

0 Karma
Reply
Solved! Jump to solution

doronca
Explorer
‎07-15-2019 02:37 AM

Hi,
Where and how exactly should I use this color mapping?

0 Karma
Reply
Solved! Jump to solution

venkasplunk
New Member
‎07-15-2019 02:50 AM

Just posted the answer again, some how if i use <> the option is getting removed.

0 Karma
Reply
Solved! Jump to solution

doronca
Explorer
‎07-15-2019 03:05 AM

Thanks, seems like the issue still exists. The colors stays the same as before.

0 Karma
Reply
Solved! Jump to solution

venkasplunk
New Member
‎07-15-2019 03:26 AM

Can you paste your code here? For me its working.

I used ur color coding and for me its showing nice colors, For ex: ur critical is red? Low is green?

0 Karma
Reply
Solved! Jump to solution

venkasplunk
New Member
‎07-15-2019 03:29 AM

Do take a note that its case sensitive, if your severity is High use High and dont use high

0 Karma
Reply
Solved! Jump to solution

venkasplunk
New Member
‎07-15-2019 03:32 AM

Can you try moving that line before /viz

0 Karma
Reply
Solved! Jump to solution

doronca
Explorer
‎07-15-2019 03:37 AM

you mean something like:

    <panel>
     <option name="charting.fieldColors">{"informational":#5378AD,"low":#98BF3B,"medium":#F0BE1B,"high":#FF8800,"critical":#D25B3B}</option>
      <viz type="timeline_app.timeline">
        <title>Timeline</title>
        <search>
          <query>| `all_alerts` | rename priority as severity | stats count by _time, alert, severity | bin span=1m _time | search severity="$tok_severity$" | table _time alert severity</query>
          <earliest>$global_time.earliest$</earliest>
          <latest>$global_time.latest$</latest>
          <sampleRatio>1</sampleRatio>
          <refresh>10m</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="refresh.display">progressbar</option>
        <option name="timeline_app.timeline.axisTimeFormat">DAYS</option>
        <option name="timeline_app.timeline.colorMode">categorical</option>
        <option name="timeline_app.timeline.maxColor">#DA5C5C</option>
        <option name="timeline_app.timeline.minColor">#FFE8E8</option>
        <option name="timeline_app.timeline.numOfBins">5</option>
        <option name="timeline_app.timeline.tooltipTimeFormat">SECONDS</option>
        <option name="timeline_app.timeline.useColors">1</option>
      </viz>
    </panel>

still doesnt work.. can you copy in the version that worked for you?

0 Karma
Reply
Solved! Jump to solution

venkasplunk
New Member
‎07-15-2019 04:07 AM

No , i meant the last /viz. Below the timeline_app.timeline.useColors.

What version are you referring to?

0 Karma
Reply
Solved! Jump to solution

doronca
Explorer
‎07-15-2019 03:29 AM 
<panel>
  <viz type="timeline_app.timeline">
    <title>Timeline</title>
    <search>
      <query>| `all_alerts` | rename priority as severity | stats count by _time, alert, severity | bin span=1m _time | search severity="$tok_severity$" | table _time alert severity</query>
      <earliest>$global_time.earliest$</earliest>
      <latest>$global_time.latest$</latest>
      <sampleRatio>1</sampleRatio>
      <refresh>10m</refresh>
      <refreshType>delay</refreshType>
    </search>
    <option name="refresh.display">progressbar</option>
    <option name="timeline_app.timeline.axisTimeFormat">DAYS</option>
    <option name="timeline_app.timeline.colorMode">categorical</option>
    <option name="timeline_app.timeline.fieldColors">{"informational":#5378AD,"low":#98BF3B,"medium":#F0BE1B,"high":#FF8800,"critical":#D25B3B}</option>
    <option name="timeline_app.timeline.maxColor">#DA5C5C</option>
    <option name="timeline_app.timeline.minColor">#FFE8E8</option>
    <option name="timeline_app.timeline.numOfBins">5</option>
    <option name="timeline_app.timeline.tooltipTimeFormat">SECONDS</option>
    <option name="timeline_app.timeline.useColors">1</option>
  </viz>
</panel>

I tried both with:

<option name="timeline_app.timeline.fieldColors">{"informational":#5378AD,"low":#98BF3B,"medium":#F0BE1B,"high":#FF8800,"critical":#D25B3B}</option>

and:

<option name="charting.fieldColors">{"informational":#5378AD,"low":#98BF3B,"medium":#F0BE1B,"high":#FF8800,"critical":#D25B3B}</option>
0 Karma
Reply
Solved! Jump to solution

venkasplunk
New Member
‎07-14-2019 11:10 PM

Can you give some more inputs?

U can also refer to https://answers.splunk.com/answers/506607/using-timeline-visulations-can-i-get-the-colors-to.html

0 Karma
Reply
Solved! Jump to solution

doronca
Explorer
‎07-14-2019 11:21 PM

Hi, thanks for replying.
I saw the post you've shared, but it's not 100% solving my problem.

The search below produces a timeline divided into 5 different severity categories that are randomly mapped to color. what I am trying to do is set the categories as follows:

Color-mapping:
{"informational":#5378AD,"low":#98BF3B,"medium":#F0BE1B,"high":#FF8800,"critical":#D25B3B}

Search:

<panel>
  <viz type="timeline_app.timeline">
    <title>Timeline</title>
    <search>
      <query>| `all_alerts` | rename priority as severity | stats count by _time, alert, severity | table _time alert severity</query>
      <earliest>$global_time.earliest$</earliest>
      <latest>$global_time.latest$</latest>
      <sampleRatio>1</sampleRatio>
      <refresh>10m</refresh>
      <refreshType>delay</refreshType>
    </search>
    <option name="refresh.display">progressbar</option>
    <option name="timeline_app.timeline.axisTimeFormat">DAYS</option>
    <option name="timeline_app.timeline.colorMode">categorical</option>
    <option name="timeline_app.timeline.numOfBins">5</option>
    <option name="timeline_app.timeline.tooltipTimeFormat">DAYS</option>
    <option name="timeline_app.timeline.useColors">1</option>
  </viz>
</panel>
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...