Solved: Different color on one bar-graph

przemyslawolsze · ‎07-05-2016

In my application i am trying display logs from logger.

So my source structure:

Application - application name

Interface - logger name

Level - log level

My search query :

index="log_index" sourcetype=log_source| eval logger = Application + ":" + Interface + " - " + Level | eval error= if(Level == "Error", 1, 0) | eval warn= if(Level == "Warn", 1, 0) | eval info= if(Level == "Info", 1, 0) | eval fatal= if(Level == "Fatal", 1, 0)| search fatal=1 OR error=1 OR warn=1 OR info=0| stats count(Level) by logger sort by count(Level) desc

I set my options as:

        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.text">title</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">bar</option>
        <option name="charting.chart.bubbleMaximumSize">500</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">minmax</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">1</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.chart">column</option>
        <option name="charting.chart.stackMode">stacked</option>
        <option name="charting.fieldColors">{"error":0xFF0000,"warn":0xFFFF00, "info":0x73A550, "fatal": 0x000000}</option>
        <option name="charting.seriesColors">[0xFF0000,0xFFFF00,0x00FF00, 0x000000]</option>

My aim:
I would like to match bar color to level for each logger (application plus interface plus level). So bar with level fatal should be red, error black etc etc.

I hope someone of you will know how to configure that tool.

somesoni2 · ‎07-05-2016

Try this for your query

index="log_index" sourcetype=log_source Level="Error" OR Level="Warn" OR Level="Info" OR Level="Fatal" | eval logger = Application + ":" + Interface | chart count over logger by Level | addtotals  | sort -Total | fields - Total

View solution in original post

somesoni2 · ‎07-05-2016

Try this for your query

index="log_index" sourcetype=log_source Level="Error" OR Level="Warn" OR Level="Info" OR Level="Fatal" | eval logger = Application + ":" + Interface | chart count over logger by Level | addtotals  | sort -Total | fields - Total

przemyslawolsze · ‎07-06-2016

Unbelievable. Now this tool make sense 😄
Thank you.

Different color on one bar-graph

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Different color on one bar-graph

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!