All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Timeline- Custom Visualization: How do I apply colors using the resource_field bins?

rbernharnavy
Engager
‎05-28-2019 11:40 AM

When applying the timeline visualization against table _time job_name duration, and selecting categorical color mode in the format menu, it doesn't seem to be picking up the resource_field, instead it picks up duration which results in a huge legend of many colors.

From the docs I see usage is table _time <resource_field> [<color_field>] [<duration_field>] ,
so I'm confused what color_field is for or how to properly apply colors using the resource_field bins.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎05-28-2019 08:13 PM

@rbernharnavy try to create duplicate field for color in your case

 <yourCurrentColor>
| eval job_name_category=job_name
| table _time job_name job_name_category duration
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma
Reply
Solved! Jump to solution

joesrepsolc
Communicator
‎10-19-2020 10:18 AM

Not liking the default colors it selected.

0 Karma
Reply
Solved! Jump to solution

joesrepsolc
Communicator
‎10-19-2020 10:17 AM

But can I manually set the colors used for this visualization like in other Splunk charts? I would like the colors for Excellent to be green, Poor to be red, etc.

Example:
<option name="charting.fieldColors">{"Unacceptable": #DC4E41,"Poor": #F1813F,"Fair": #F8BE34,"Good": #B6C75A,"Excellent": #53A051}</option>

0 Karma
Reply
Solved! Jump to solution

quatorz
Engager
‎02-10-2020 10:58 AM

You need to set "Use colors" to "Yes" in the Format tab. Then it will interpret your color_field

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎05-28-2019 08:13 PM

@rbernharnavy try to create duplicate field for color in your case

 <yourCurrentColor>
| eval job_name_category=job_name
| table _time job_name job_name_category duration
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

rbernharnavy
Engager
‎05-29-2019 08:59 AM

That did it, thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top