Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Define specific Pie Chart colors by string field values

gfuente
Motivator
‎06-05-2013 01:28 AM

Hello

I have a search like this:

sourcetype="xxx" | eval severity= upper(severity) | stats count by severity

It works fine, and give us the results we need. Then we add it to a Dashboard, using a pie chart, so we get the distribution of events by severity, thats fine. The results table looks like:

severity    count
INFO        29
CONFIG      2

Now the user asked us, to use specific colors for each severity value, for example use red color for "ERROR" events, yellow color for "INFO" events, and so on.

I found this answer:
http://splunk-base.splunk.com/answers/58335/change-chart-bar-color-based-on-data-value

But it appear that only works for colums chart, not for pie charts.

Thanks in advance

Reply

davidcif
Engager
‎07-26-2013 07:15 AM

Hi,try this:

1- order the results by severity. i.e. | order severity

2- use the seriesColors property to assign a color to each severity. You will have to write the colors in the same order as the severity values are listed in your results.

<option name="charting.seriesColors">[0xFF9900,0x00CC00]</option>

3- get rid of "other" in pie chart.

<option name="charting.chart.sliceCollapsingThreshold">0</option>

Let me know if it works! Cheers,

Reply

laristote
Explorer
‎08-22-2014 05:34 AM

This one is working:
http://answers.splunk.com/answers/131726/status-codes-color-on-pie-chart

0 Karma
Reply

gfuente
Motivator
‎12-10-2013 04:01 AM

The problem of this solution, is that you could not have events of all severities all times. Then if there are not events of one severity, the next ones will get undesired colors.

0 Karma
Reply

FRoth
Contributor
‎12-10-2013 03:55 AM

but severity is a string value. Sorting would not solve the problem, wouldn't it?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...