Solved: Arrange the bar chart color based on log_level.

psriyanka · ‎05-18-2020

Hi all,

Can somebody help me to arrange the bar chart color based on log_level.
Here In the chart attached, I want it to change the values based on the loglevel. When the log_level is Error, it should show it in red color, in Info it should show in Yellow and when in Warn level it should show it in green color.
Here i tried many options, but nothing is working out.
I want when the group values are in the loglevel, it should change the color automatically.

niketn · ‎06-23-2020

@psriyanka since you want color by the log_level field, you will have to reverse the sequence of aggregation fields.

Try the following and charting.fieldColors will work

index=_internal sourcetype=splunkd log_level!=INFO
| chart count by component log_level

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

niketn · ‎06-23-2020

@psriyanka since you want color by the log_level field, you will have to reverse the sequence of aggregation fields.

Try the following and charting.fieldColors will work

index=_internal sourcetype=splunkd log_level!=INFO
| chart count by component log_level

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Arrange the bar chart color based on log_level.

CSS

simple XML

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor