Dashboards & Visualizations

Arrange the bar chart color based on log_level.

psriyanka
Explorer

Hi all,

Can somebody help me to arrange the bar chart color based on log_level.
Here In the chart attached, I want it to change the values based on the loglevel. When the log_level is Error, it should show it in red color, in Info it should show in Yellow and when in Warn level it should show it in green color.
Here i tried many options, but nothing is working out.
I want when the group values are in the loglevel, it should change the color automatically.

alt text
alt text

Labels (2)
Tags (1)
0 Karma
1 Solution

niketn
Legend

@psriyanka since you want color by the log_level field, you will have to reverse the sequence of aggregation fields.

Try the following and charting.fieldColors will work

index=_internal sourcetype=splunkd log_level!=INFO
| chart count by component log_level

 

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma

niketn
Legend

@psriyanka since you want color by the log_level field, you will have to reverse the sequence of aggregation fields.

Try the following and charting.fieldColors will work

index=_internal sourcetype=splunkd log_level!=INFO
| chart count by component log_level

 

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...

SplunkTrust | 2024 SplunkTrust Application Period is Open!

It's that time again, folks! That's right, the application/nomination period for the 2024 SplunkTrust is ...