Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Add Color to Specific Text within a Field?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
itsmevic70
Explorer
01-20-2023
11:00 AM
I'm creating a ServiceNow Dashboard in Splunk, and there is a particular column called "dv_priority" that I'd like to assign a color code to. For example, their are four values assigned to dv_priority field, it's either going to "1 - Critical" , "2 - High" , "3 - Moderate" , "4 - Low", "5 - Informational"
I'd like to color code these values, for example "1 - Critical" (Red), "2 - High" (Orange), "3 - Moderate" (Yellow) and "4 - Low" (Purple) and "5 - Informational" (Green).
What would be the best approach SPL-wise in doing this with the below query?
index=servicenow sourcetype=* NOT dv_state IN("Closed", "Resolved", "Cancelled")
| eval dv_number = if(isnull(dv_number), task_effective_number, dv_number)
| eval dv_number = if((isnull(dv_number) OR len('dv_number') == 0), DV_NUMBER, dv_number)
| eval number = if((isnull(number) OR len('number') == 0), dv_number, number)
| eval number = if((isnull(number) OR len('number') == 0), NUMBER, number)
| eval number = if((isnull(number) OR len('number') == 0), "Error", number)
| eval number = if(number!=dv_number, dv_number, number)
| eval dv_u_subcategory = if((isnull(dv_u_subcategory) OR len('dv_u_subcetegory') == 0), DV_U_SUBCATEGORY, dv_u_subcategory)
| eval dv_u_category = if((isnull(dv_u_category) OR len('dv_u_category')==0), DV_U_CATEGORY, dv_u_category)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_u_business_service')==0) AND dv_category="MDR Analytics"), "Detect", dv_business_service)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_u_business_service')==0) AND dv_category="MDR Engineering"), "Engineering", dv_business_service)
| eval dv_business_service = if((isnull(dv_business_service) OR len('dv_u_business_service')==0), DV_BUSINESS_SERVICE, dv_business_service)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_business_service')==0) AND dv_u_category="Notable" AND dv_u_subcategory="Security"), "Detect", dv_business_service)
| eval dv_business_service = if((isnull(dv_business_service) OR len('dv_u_business_service')==0), "Error", dv_business_service)
| eval dv_business_service = if(dv_u_category="Infrastructure", "Engineering", dv_business_service)
| eval state = if((isnull(state) OR len('state')==0), STATE, state)
| eval dv_state = if((isnull(dv_state) AND state=1), "New", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=3), "Closed", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=6), "Resolved", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=11), "On-Hold", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=18), "In Progress - Customer", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=7), "Cancelled", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=10), "In Progress - dw", dv_state)
| eval dv_state = if((isnull(dv_state) OR len('dv_state')==0), DV_STATE, dv_state)
| eval dv_state = if((isnull(dv_state) OR len('dv_state')==0), "Error", dv_state)
| eval dv_state = if(dv_state="Error" AND (isnotnull(closed_at) OR len('closed_at') == 0), "Resolved", dv_state)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), short_description, dv_short_description)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), case, dv_short_description)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), DV_SHORT_DESCRIPTION, dv_short_description)
| eval dv_category = if(dv_business_service="Detect", "MDR Analytics", dv_category)
| eval closed_at = if((isnull(closed_at) OR len('closed_at')==0), CLOSED_AT, closed_at)
| eval u_mttn = if((isnull(u_mttn) OR len('u_mttn')==0), U_MTTN, u_mttn)
| eval u_mttca_2 = if((isnull(u_mttca_2) OR len('u_mttca_2')==0), U_MTTCA_2, u_mttca_2)
| eval u_mttcv = if((isnull(u_mttcv) OR len('u_mttcv')==0), U_MTTCV, u_mttcv)
| eval u_mttdi = if((isnull(u_mttdi) OR len('u_mttdi')==0), U_MTTDI, u_mttdi)
| eval u_mttrv = if((isnull(u_mttrv) OR len('u_mttrv')==0), U_MTTRV, u_mttrv)
| eval u_mttc = if((isnull(u_mttc) OR len('u_mttc')==0), U_MTTC, u_mttc)
| table _time, number, dv_state, dv_priority, dv_u_category, dv_short_description,dv_assigned_to,dv_assignment_group, opened_at
| where dv_assignment_group="Security"
| sort - _time
| sort - dv_state
| dedup number
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
manjunathmeti
Champion
01-23-2023
01:52 AM
hi @itsmevic70,
Check this app from Splunk, Splunk Dashboard Examples. It has a dashboard with your use case.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
itsmevic70
Explorer
01-23-2023
06:39 AM
Thanks, Manjunathmeti.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
manjunathmeti
Champion
01-23-2023
01:52 AM
hi @itsmevic70,
Check this app from Splunk, Splunk Dashboard Examples. It has a dashboard with your use case.
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
Announcing Modern Navigation: A New Era of Splunk User Experience
We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...
Observability Simplified: Combining User Experience, Application Performance & ...
Tech Talk
Observability Simplified: Combining User Experience, Application Performance & Network ...
Event Series May & June: From Network Visibility to Service Intelligence
Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI
In today’s hybrid ...
