Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Change color of Single Value Visualization based on search result (without script)?

simon_b
Path Finder
‎10-12-2022 07:53 AM

Hello, is it possible to change the color of the Single Value Visualization based on a time value of the search result.

 

I get a timestamp as a search result and would like to make the text of the visualization red if the timestamp is from more than 3 days ago.

Thanks for your help!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎10-12-2022 03:54 PM

Here's an example dashboard that changes the colour to red if it's >3 days old

Example just creates a random 'age' and it will either be red or green.

Note - it uses 'range' field to determine colour.

<dashboard>
  <label>tst2</label>
  <row>
    <panel>
      <single>
        <title>Time Age</title>
        <search>
          <query>| makeresults
          | eval timestamp=now() - (random() % 7) * 86400
          | eval range=if(timestamp &lt; relative_time(now(), "-3d"), "severe", "low")
          | eval timestamp=strftime(timestamp, "%F %T")
          | table timestamp range</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="field">timestamp</option>
        <option name="height">60</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>

View solution in original post

Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎10-12-2022 03:54 PM

Here's an example dashboard that changes the colour to red if it's >3 days old

Example just creates a random 'age' and it will either be red or green.

Note - it uses 'range' field to determine colour.

<dashboard>
  <label>tst2</label>
  <row>
    <panel>
      <single>
        <title>Time Age</title>
        <search>
          <query>| makeresults
          | eval timestamp=now() - (random() % 7) * 86400
          | eval range=if(timestamp &lt; relative_time(now(), "-3d"), "severe", "low")
          | eval timestamp=strftime(timestamp, "%F %T")
          | table timestamp range</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="field">timestamp</option>
        <option name="height">60</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...