Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Define specific Pie Chart colors by string field values

gfuente
Motivator
‎06-05-2013 01:28 AM

Hello

I have a search like this:

sourcetype="xxx" | eval severity= upper(severity) | stats count by severity

It works fine, and give us the results we need. Then we add it to a Dashboard, using a pie chart, so we get the distribution of events by severity, thats fine. The results table looks like:

severity    count
INFO        29
CONFIG      2

Now the user asked us, to use specific colors for each severity value, for example use red color for "ERROR" events, yellow color for "INFO" events, and so on.

I found this answer:
http://splunk-base.splunk.com/answers/58335/change-chart-bar-color-based-on-data-value

But it appear that only works for colums chart, not for pie charts.

Thanks in advance

Reply

davidcif
Engager
‎07-26-2013 07:15 AM

Hi,try this:

1- order the results by severity. i.e. | order severity

2- use the seriesColors property to assign a color to each severity. You will have to write the colors in the same order as the severity values are listed in your results.

<option name="charting.seriesColors">[0xFF9900,0x00CC00]</option>

3- get rid of "other" in pie chart.

<option name="charting.chart.sliceCollapsingThreshold">0</option>

Let me know if it works! Cheers,

Reply

laristote
Explorer
‎08-22-2014 05:34 AM

This one is working:
http://answers.splunk.com/answers/131726/status-codes-color-on-pie-chart

0 Karma
Reply

gfuente
Motivator
‎12-10-2013 04:01 AM

The problem of this solution, is that you could not have events of all severities all times. Then if there are not events of one severity, the next ones will get undesired colors.

0 Karma
Reply

FRoth
Contributor
‎12-10-2013 03:55 AM

but severity is a string value. Sorting would not solve the problem, wouldn't it?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Top