Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Colour formatting when comparing field values against each other?

fflima
New Member
‎07-06-2020 07:49 AM

Not sure if this is a potential bug or simply not doable but trying to colour format a field whilst comparing it to the expected value of another field.

ie if field 1!= field 2 then colour field 1 as red

Below was the sample in the source used:

<format type="color" field="netbox_tenant">
<colorPalette type="expression"> if (netbox_tenant!=tenant,"#53A051","#DC4E41")</colorPalette>

Result looked like below:

fflima_0-1594046872590.png

 

Those top three should be green based on logic although it appears to colour everything with the first choice colour - have tried multiple different statements (case etc) but doesn't seem to want to work.

Any ideas?

Labels (2)
Labels
0 Karma
Reply

efavreau
Motivator
‎07-06-2020 08:36 AM

Hi @fflima!

By itself, you can't do that exactly as you are trying to. It appears that you already figured out the new column with pass/fail. That's how to go about something similar.

Cheers!

###

If this reply helps you, an upvote would be appreciated.
0 Karma
Reply

fflima
New Member
‎07-06-2020 08:41 AM

@efavreau  thanks for coming back!

Is this something that would be doable in the near future? Or could potentially have a feature request for?

The Pass/Fail at the end is an eval where I'm comparing 4-5 different fields that we might care about.

Was looking to colour the fields in the way I've described so that for each fail you see exactly which field/s causes the overall fail.

I have other pages similar to this where I'll be doing pass/fail logic comparing 10+ fields - alternative would be to create a column per item checked as well as this overall Pass/Fail column although you wouldn't see nicely which field is the failing item.. 

0 Karma
Reply

efavreau
Motivator
‎07-06-2020 09:10 AM

@fflimaI don't know if such a feature would be coming. Likely Splunk won't comment on that. Ideas can be posted to https://ideas.splunk.com/ (there's a link at the top of the page here within the Splunk Community site). You are correct, having a new column that does the comparison for each would be a way to solve it. If there's another way, maybe someone else in the community knows.

However, when I've used a similar approach, I had another column called "Reason". I can't grab the logic right now (I used a couple case statements IIRC), so hopefully you can follow what I am trying to say.

If "pass" value, reason = ""

If "fail" value, reason = "Failed on ".fieldname

The magic there is the "." is concatenating the name of your field that failed, with the "Failed on " phrase. You can't make it red without JavaScript (https://community.splunk.com/t5/Splunk-Search/Wilde-card-is-not-working-for-when-using-colorPalette-... but it would tell you more easily, the reason for the fail.

###

If this reply helps you, an upvote would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...