Dashboards & Visualizations

Dashboard

Shalini31
Explorer

I have created one Dashboard and trying to add different field color. I navigated to "source " >tried updating XML code as "charting.fieldColors">{"Failed Logins":"#FF9900", "NonCompliant_Keys":"#FF0000", "Successful Logins":"#009900", "Provisioning Successful":"#FFFF00"</option>" but still all clumns are showing as "Purple"

 

Can someone help me with it?

Labels (1)
0 Karma
1 Solution

Shalini31
Explorer

I think , i got it now, thanks @bowesmana 

View solution in original post

0 Karma

Shalini31
Explorer

I have field name/column name called ssh_status and {Noncompliant, successful logins , failed logins etc) are its sub fields or values. and under "Visualisation" , Noncompliant, successful logins , failed logins etc these are showing in same color.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

It sounds like you only have two fields? The first one will be used for the x-axis and the second will be a series (of that name) using the (numeric) values for the height of the columns. If this is not what you have, please share your search in full (obfuscated as necessary to obscure sensitive information).

0 Karma

bowesmana
SplunkTrust
SplunkTrust

As @ITWhisperer points out it depends if you have a single "series" in your data, e.g. as in this example which has 4 rows of the "type" field

| makeresults 
| eval type=split("ABCD","")
| mvexpand type
| chart count by type

or whether you have 4 fields and a single row as in this example,, which allow you to change the colours of the "series" - i.e. colums

| makeresults 
| eval type=split("ABCD","")
| mvexpand type
| eval xx="A"
| chart count over xx by type

If your results are like the first example, i.e. 4 rows and a type/count, then you have options to make it the other way, but a simple option is to do

| transpose 0 header_field=type

after your results, where "type" is your column name

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Presumably, you are talking about a column chart. The colours only apply to the series, so unless you have different fields with the names you provided, the columns for the series will all be the same colour. If you could provide details of the search you are using in your chart, we might be able to help you.

0 Karma

Shalini31
Explorer

provided you the query

0 Karma

Shalini31
Explorer

I think , i got it now, thanks @bowesmana 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...