Solved: Arrange the bar chart color based on log_level.

psriyanka · ‎05-18-2020

Hi all,

Can somebody help me to arrange the bar chart color based on log_level.
Here In the chart attached, I want it to change the values based on the loglevel. When the log_level is Error, it should show it in red color, in Info it should show in Yellow and when in Warn level it should show it in green color.
Here i tried many options, but nothing is working out.
I want when the group values are in the loglevel, it should change the color automatically.

niketn · ‎06-23-2020

@psriyanka since you want color by the log_level field, you will have to reverse the sequence of aggregation fields.

Try the following and charting.fieldColors will work

index=_internal sourcetype=splunkd log_level!=INFO
| chart count by component log_level

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

niketn · ‎06-23-2020

@psriyanka since you want color by the log_level field, you will have to reverse the sequence of aggregation fields.

Try the following and charting.fieldColors will work

index=_internal sourcetype=splunkd log_level!=INFO
| chart count by component log_level

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Arrange the bar chart color based on log_level.

CSS

simple XML

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases

Detecting Remote Code Executions With the Splunk Threat Research Team