Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Change color of Single Value Visualization based on search result (without script)?

simon_b
Explorer
‎10-12-2022 07:53 AM

Hello, is it possible to change the color of the Single Value Visualization based on a time value of the search result.

 

I get a timestamp as a search result and would like to make the text of the visualization red if the timestamp is from more than 3 days ago.

Thanks for your help!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎10-12-2022 03:54 PM

Here's an example dashboard that changes the colour to red if it's >3 days old

Example just creates a random 'age' and it will either be red or green.

Note - it uses 'range' field to determine colour.

<dashboard>
  <label>tst2</label>
  <row>
    <panel>
      <single>
        <title>Time Age</title>
        <search>
          <query>| makeresults
          | eval timestamp=now() - (random() % 7) * 86400
          | eval range=if(timestamp &lt; relative_time(now(), "-3d"), "severe", "low")
          | eval timestamp=strftime(timestamp, "%F %T")
          | table timestamp range</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="field">timestamp</option>
        <option name="height">60</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>

View solution in original post

Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎10-12-2022 03:54 PM

Here's an example dashboard that changes the colour to red if it's >3 days old

Example just creates a random 'age' and it will either be red or green.

Note - it uses 'range' field to determine colour.

<dashboard>
  <label>tst2</label>
  <row>
    <panel>
      <single>
        <title>Time Age</title>
        <search>
          <query>| makeresults
          | eval timestamp=now() - (random() % 7) * 86400
          | eval range=if(timestamp &lt; relative_time(now(), "-3d"), "severe", "low")
          | eval timestamp=strftime(timestamp, "%F %T")
          | table timestamp range</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="field">timestamp</option>
        <option name="height">60</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...