Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Define specific Pie Chart colors by string field values

gfuente
Motivator
‎06-05-2013 01:28 AM

Hello

I have a search like this:

sourcetype="xxx" | eval severity= upper(severity) | stats count by severity

It works fine, and give us the results we need. Then we add it to a Dashboard, using a pie chart, so we get the distribution of events by severity, thats fine. The results table looks like:

severity    count
INFO        29
CONFIG      2

Now the user asked us, to use specific colors for each severity value, for example use red color for "ERROR" events, yellow color for "INFO" events, and so on.

I found this answer:
http://splunk-base.splunk.com/answers/58335/change-chart-bar-color-based-on-data-value

But it appear that only works for colums chart, not for pie charts.

Thanks in advance

Reply

davidcif
Engager
‎07-26-2013 07:15 AM

Hi,try this:

1- order the results by severity. i.e. | order severity

2- use the seriesColors property to assign a color to each severity. You will have to write the colors in the same order as the severity values are listed in your results.

<option name="charting.seriesColors">[0xFF9900,0x00CC00]</option>

3- get rid of "other" in pie chart.

<option name="charting.chart.sliceCollapsingThreshold">0</option>

Let me know if it works! Cheers,

Reply

laristote
Explorer
‎08-22-2014 05:34 AM

This one is working:
http://answers.splunk.com/answers/131726/status-codes-color-on-pie-chart

0 Karma
Reply

gfuente
Motivator
‎12-10-2013 04:01 AM

The problem of this solution, is that you could not have events of all severities all times. Then if there are not events of one severity, the next ones will get undesired colors.

0 Karma
Reply

FRoth
Contributor
‎12-10-2013 03:55 AM

but severity is a string value. Sorting would not solve the problem, wouldn't it?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...