Dashboards & Visualizations

Color for Single value charts- rangemap.


Can the rangemap be used in terms of %? Thats my code below where I am trying to change the color of the field UsedSize according to %. Like if it crosses 50% then a light green, crosses 70% then red etc. Also even if I use the same way mentioned as below its still not changing the colors.

earliest=-24h@h latest=@h sourcetype="df" host="$V$" |dedup host| multikv fields Size Used|rex_space| table UsedSize| rangemap field=UsedSize gray=1-30 blue=31-39 red=40-59 default=green Used Disk Space range gaps stacked100 false

Tags (1)


Perf tip: don't use "table" to restrict your dataset to specific fields. Use "fields" instead.

The table command is for presenting fields in a particular order, and can only be done by a search head, meaning everything afterwards must be done there too. The fields command is for removing certain fields or restricting the dataset to a certain list of fields. It works on indexers too.

It's a small change in this particular case, but on big long scary searches, it can make a difference.


Some examples :
This code

<?xml version='1.0' encoding='utf-8'?>
      <searchString>* | bin _time span=5m | stats count by _time | eventstats min(count) as min max(count) as max | eval max_delta=max-min | eval perc=100*(count-min)/max_delta | fields - max max_delta min | eval perc=round(perc) | rangemap field=perc low=0-75 elevated=76-85 high=86-96 severe=95-101 | xyseries _time range perc | makecontinuous _time</searchString>
      <option name="charting.chart">column</option>
      <option name="charting.chart.chartMode">stacked</option>
      <option name="charting.fieldColors">{"low":0x72c72d, "elevated":0xe9da34, "high":0xe67918,"severe":0xbb2121}</option>
      <searchString>* | bin _time span=5m | stats count by _time | eventstats min(count) as min max(count) as max | eval max_delta=max-min | eval perc=100*(count-min)/max_delta | fields - max max_delta min | eval perc=round(perc) | tail 1 | rangemap field=perc low=0-75 elevated=76-85 high=86-95 default=severe</searchString>
      <option name="classField">range</option>
      <option name="field">perc</option>
      <option name="afterLabel"> %</option>

produces this :

alt text

Note that for the modle <single> the only defined ranges are low (green) guarded (blue) elevated (yellow) high (orange) severe (red), if you want other ranges (i.e green, yellow, orange, red) you need to define the css for that range.


Thats what this line does :
<option name="field">perc</option>

It says what field to display in the single value module

If you have a field called disk_used (or count in the example above) change perc to disk_used
The color is still calculated from the percentage though, since thats what the rangemap works from

Ouputting multiple single value modules from 1 input is a whole new ball game.
The only thing capable of doing that is sideview_utils

0 Karma


I was wondering if there is a way to cal the % in the backend itself like low=0-50%(UsedSize) etc but still show the output in GB

0 Karma


Thanks for that. It does work. But what if I have multiple hosts (as input) in form and the data varies according to each host. for eg host 1 has 400GB allocated and has used only 40gb,this should be green as it has used only 10% of its space. where as when host2 is selected it has only 45gb and it has used 37gb of its allocated space. This should be in elevated. If I use the percentages in the search then it will not output the exact amount of space used rather will output the % of it.

0 Karma


I am trying to create a single value chart where that box color will change according to the amount of disk space available for it.

0 Karma


What are you trying to do exactly ?
It looks like you're creating a stacked100 column/line/bar chart. You want the bars to be a different color based on the value ?

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...