Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Define specific Pie Chart colors by string field values

gfuente
Motivator
‎06-05-2013 01:28 AM

Hello

I have a search like this:

sourcetype="xxx" | eval severity= upper(severity) | stats count by severity

It works fine, and give us the results we need. Then we add it to a Dashboard, using a pie chart, so we get the distribution of events by severity, thats fine. The results table looks like:

severity    count
INFO        29
CONFIG      2

Now the user asked us, to use specific colors for each severity value, for example use red color for "ERROR" events, yellow color for "INFO" events, and so on.

I found this answer:
http://splunk-base.splunk.com/answers/58335/change-chart-bar-color-based-on-data-value

But it appear that only works for colums chart, not for pie charts.

Thanks in advance

Reply

davidcif
Engager
‎07-26-2013 07:15 AM

Hi,try this:

1- order the results by severity. i.e. | order severity

2- use the seriesColors property to assign a color to each severity. You will have to write the colors in the same order as the severity values are listed in your results.

<option name="charting.seriesColors">[0xFF9900,0x00CC00]</option>

3- get rid of "other" in pie chart.

<option name="charting.chart.sliceCollapsingThreshold">0</option>

Let me know if it works! Cheers,

Reply

laristote
Explorer
‎08-22-2014 05:34 AM

This one is working:
http://answers.splunk.com/answers/131726/status-codes-color-on-pie-chart

0 Karma
Reply

gfuente
Motivator
‎12-10-2013 04:01 AM

The problem of this solution, is that you could not have events of all severities all times. Then if there are not events of one severity, the next ones will get undesired colors.

0 Karma
Reply

FRoth
Contributor
‎12-10-2013 03:55 AM

but severity is a string value. Sorting would not solve the problem, wouldn't it?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top