Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Add Color to Specific Text within a Field?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
itsmevic70
Explorer
01-20-2023
11:00 AM
I'm creating a ServiceNow Dashboard in Splunk, and there is a particular column called "dv_priority" that I'd like to assign a color code to. For example, their are four values assigned to dv_priority field, it's either going to "1 - Critical" , "2 - High" , "3 - Moderate" , "4 - Low", "5 - Informational"
I'd like to color code these values, for example "1 - Critical" (Red), "2 - High" (Orange), "3 - Moderate" (Yellow) and "4 - Low" (Purple) and "5 - Informational" (Green).
What would be the best approach SPL-wise in doing this with the below query?
index=servicenow sourcetype=* NOT dv_state IN("Closed", "Resolved", "Cancelled")
| eval dv_number = if(isnull(dv_number), task_effective_number, dv_number)
| eval dv_number = if((isnull(dv_number) OR len('dv_number') == 0), DV_NUMBER, dv_number)
| eval number = if((isnull(number) OR len('number') == 0), dv_number, number)
| eval number = if((isnull(number) OR len('number') == 0), NUMBER, number)
| eval number = if((isnull(number) OR len('number') == 0), "Error", number)
| eval number = if(number!=dv_number, dv_number, number)
| eval dv_u_subcategory = if((isnull(dv_u_subcategory) OR len('dv_u_subcetegory') == 0), DV_U_SUBCATEGORY, dv_u_subcategory)
| eval dv_u_category = if((isnull(dv_u_category) OR len('dv_u_category')==0), DV_U_CATEGORY, dv_u_category)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_u_business_service')==0) AND dv_category="MDR Analytics"), "Detect", dv_business_service)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_u_business_service')==0) AND dv_category="MDR Engineering"), "Engineering", dv_business_service)
| eval dv_business_service = if((isnull(dv_business_service) OR len('dv_u_business_service')==0), DV_BUSINESS_SERVICE, dv_business_service)
| eval dv_business_service = if(((isnull(dv_business_service) OR len('dv_business_service')==0) AND dv_u_category="Notable" AND dv_u_subcategory="Security"), "Detect", dv_business_service)
| eval dv_business_service = if((isnull(dv_business_service) OR len('dv_u_business_service')==0), "Error", dv_business_service)
| eval dv_business_service = if(dv_u_category="Infrastructure", "Engineering", dv_business_service)
| eval state = if((isnull(state) OR len('state')==0), STATE, state)
| eval dv_state = if((isnull(dv_state) AND state=1), "New", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=3), "Closed", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=6), "Resolved", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=11), "On-Hold", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=18), "In Progress - Customer", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=7), "Cancelled", dv_state)
| eval dv_state = if((isnull(dv_state) AND state=10), "In Progress - dw", dv_state)
| eval dv_state = if((isnull(dv_state) OR len('dv_state')==0), DV_STATE, dv_state)
| eval dv_state = if((isnull(dv_state) OR len('dv_state')==0), "Error", dv_state)
| eval dv_state = if(dv_state="Error" AND (isnotnull(closed_at) OR len('closed_at') == 0), "Resolved", dv_state)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), short_description, dv_short_description)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), case, dv_short_description)
| eval dv_short_description = if((isnull(dv_short_description) OR len('dv_short_description') == 0), DV_SHORT_DESCRIPTION, dv_short_description)
| eval dv_category = if(dv_business_service="Detect", "MDR Analytics", dv_category)
| eval closed_at = if((isnull(closed_at) OR len('closed_at')==0), CLOSED_AT, closed_at)
| eval u_mttn = if((isnull(u_mttn) OR len('u_mttn')==0), U_MTTN, u_mttn)
| eval u_mttca_2 = if((isnull(u_mttca_2) OR len('u_mttca_2')==0), U_MTTCA_2, u_mttca_2)
| eval u_mttcv = if((isnull(u_mttcv) OR len('u_mttcv')==0), U_MTTCV, u_mttcv)
| eval u_mttdi = if((isnull(u_mttdi) OR len('u_mttdi')==0), U_MTTDI, u_mttdi)
| eval u_mttrv = if((isnull(u_mttrv) OR len('u_mttrv')==0), U_MTTRV, u_mttrv)
| eval u_mttc = if((isnull(u_mttc) OR len('u_mttc')==0), U_MTTC, u_mttc)
| table _time, number, dv_state, dv_priority, dv_u_category, dv_short_description,dv_assigned_to,dv_assignment_group, opened_at
| where dv_assignment_group="Security"
| sort - _time
| sort - dv_state
| dedup number
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
manjunathmeti
Champion
01-23-2023
01:52 AM
hi @itsmevic70,
Check this app from Splunk, Splunk Dashboard Examples. It has a dashboard with your use case.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
itsmevic70
Explorer
01-23-2023
06:39 AM
Thanks, Manjunathmeti.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
manjunathmeti
Champion
01-23-2023
01:52 AM
hi @itsmevic70,
Check this app from Splunk, Splunk Dashboard Examples. It has a dashboard with your use case.
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
Event Series: Telemetry Pipeline Management
Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud
As ...
Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...
Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Deep insights, no barriers: Splunk Observability Cloud Free Edition
As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
