Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Add Color to Specific Text within a Field?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
itsmevic70
Explorer
01-20-2023
11:00 AM
I'm creating a ServiceNow Dashboard in Splunk, and there is a particular column called "dv_priority" that I'd like to assign a color code to. For example, their are four values assigned to dv_priority field, it's either going to "1 - Critical" , "2 - High" , "3 - Moderate" , "4 - Low", "5 - Informational"
I'd like to color code these values, for example "1 - Critical" (Red), "2 - High" (Orange), "3 - Moderate" (Yellow) and "4 - Low" (Purple) and "5 - Informational" (Green).
What would be the best approach SPL-wise in doing this with the below query?
index=servicenow sourcetype=* NOT dv_state IN("Closed", "Resolved", "Cancelled")
| eval dv_number = if(isnull(dv_number), task_effective_number, dv_number)
| eval dv_number = if((isnull(dv_number) OR len('dv_number') == 0), DV_NUMBER, dv_number)
| eval number = if((isnull(number) OR len('number') == 0), dv_number, number)
| eval number = if((isnull(number) OR len('number') == 0), NUMBER, number)
| eval number = if((isnull(number) OR len('number') == 0), "Error", number)
| eval number = if(number!=dv_number, dv_number, number)
| eval dv_u_subcategory = if((isnull(dv_u_subcategory) OR len('dv_u_subcetegory') == 0), DV_U_SUBCATEGORY, dv_u_subcategory)
| eval dv_u_category = if((isnull(dv_u_category) OR len('dv_u_category')==0), DV_U_CATEGORY, dv_u_category)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_u_business_service')==0) AND dv_category="MDR Analytics"), "Detect", dv_business_service)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_u_business_service')==0) AND dv_category="MDR Engineering"), "Engineering", dv_business_service)
| eval dv_business_service = if((isnull(dv_business_service) OR len('dv_u_business_service')==0), DV_BUSINESS_SERVICE, dv_business_service)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_business_service')==0) AND dv_u_category="Notable" AND dv_u_subcategory="Security"), "Detect", dv_business_service)
| eval dv_business_service = if((isnull(dv_business_service) OR len('dv_u_business_service')==0), "Error", dv_business_service)
| eval dv_business_service = if(dv_u_category="Infrastructure", "Engineering", dv_business_service)
| eval state = if((isnull(state) OR len('state')==0), STATE, state)
| eval dv_state = if((isnull(dv_state) AND state=1), "New", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=3), "Closed", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=6), "Resolved", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=11), "On-Hold", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=18), "In Progress - Customer", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=7), "Cancelled", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=10), "In Progress - dw", dv_state)
| eval dv_state = if((isnull(dv_state) OR len('dv_state')==0), DV_STATE, dv_state)
| eval dv_state = if((isnull(dv_state) OR len('dv_state')==0), "Error", dv_state)
| eval dv_state = if(dv_state="Error" AND (isnotnull(closed_at) OR len('closed_at') == 0), "Resolved", dv_state)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), short_description, dv_short_description)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), case, dv_short_description)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), DV_SHORT_DESCRIPTION, dv_short_description)
| eval dv_category = if(dv_business_service="Detect", "MDR Analytics", dv_category)
| eval closed_at = if((isnull(closed_at) OR len('closed_at')==0), CLOSED_AT, closed_at)
| eval u_mttn = if((isnull(u_mttn) OR len('u_mttn')==0), U_MTTN, u_mttn)
| eval u_mttca_2 = if((isnull(u_mttca_2) OR len('u_mttca_2')==0), U_MTTCA_2, u_mttca_2)
| eval u_mttcv = if((isnull(u_mttcv) OR len('u_mttcv')==0), U_MTTCV, u_mttcv)
| eval u_mttdi = if((isnull(u_mttdi) OR len('u_mttdi')==0), U_MTTDI, u_mttdi)
| eval u_mttrv = if((isnull(u_mttrv) OR len('u_mttrv')==0), U_MTTRV, u_mttrv)
| eval u_mttc = if((isnull(u_mttc) OR len('u_mttc')==0), U_MTTC, u_mttc)
| table _time, number, dv_state, dv_priority, dv_u_category, dv_short_description,dv_assigned_to,dv_assignment_group, opened_at
| where dv_assignment_group="Security"
| sort - _time
| sort - dv_state
| dedup number
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
manjunathmeti
Champion
01-23-2023
01:52 AM
hi @itsmevic70,
Check this app from Splunk, Splunk Dashboard Examples. It has a dashboard with your use case.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
itsmevic70
Explorer
01-23-2023
06:39 AM
Thanks, Manjunathmeti.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
manjunathmeti
Champion
01-23-2023
01:52 AM
hi @itsmevic70,
Check this app from Splunk, Splunk Dashboard Examples. It has a dashboard with your use case.
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
Monitoring AI Agents with Splunk Observability Cloud
Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
[Puzzles] Solve, Learn, Repeat: Tiling
This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...
SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...
Thursday, July 9, 2026 | 11:00AM–12:00PM PDT
Duration: 1 hour (includes Q&A)
Managing can feel like a ...
