Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Changing the color of a table row if the response time is greater than the threshold

agrant21
Loves-to-Learn
‎02-20-2024 12:18 PM

I created a table that outputs the organization,  threshold, count, and response time. If the response time is greater than the threshold, then I want the  response time  value to turn red. However, the threshold is different for every organization. Is there a way to dynamically set the threshold on the table for the Response Time column to turn red based on its respective threshold. 

 

For example, organization A will have a threshold of 3, while organization B will have a threshold of 10.  I want the table to display all the organizations,count, the response time, and the threshold. 

 

index | stats count as "volume" avg as "avg_value" by organization, _time, threshold

 

Kindly help. 

Labels (3)
Labels
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎02-20-2024 04:38 PM

You can do it, but it's a little fiddly - it involves making the response value a multivalue field with the response value as the first element and an indicator whether it's over threshold saved as the second value.

Using CSS you stop the second value from being displayed, then use the standard colorPalette settings to set the colour.

Here's an example panel that demonstrates how

    <panel>
      <html depends="$hidden$">
        <style>
          #coloured_cell table tbody td div.multivalue-subcell[data-mv-index="1"]{
            display: none;
          }
        </style>
      </html>
      <table id="coloured_cell">
        <title>Colouring a table cell based on it's relative comparison to another cell</title>
        <search>
          <query>
| makeresults count=10
| fields - _time
| eval Threshold=random() % 100, Value=random() % 100
| eval Comparison=case(Value &lt; Threshold,-1, Value &gt; Threshold, 1, true(), 0)
| eval Value=mvappend(Value, Comparison)
| table Threshold Value
          </query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">100</option>
        <format type="color" field="Value">
          <colorPalette type="expression">case(mvindex(value, 1) == "1", "#ff0000", mvindex(value, 1) == "-1", "#000000", true(), "#00ff00")</colorPalette>
        </format>
      </table>
    </panel>

 It will make a field called Comparison which is -1 if the Value is < Threshold, =1 if Value is > Threshold otherwise 0. This is appended to the real value field

Then the <colorPalette> statement will test the mvindex(..1) which gives the Comparison number and the expression defines the colour.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...