Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Different color on one bar-graph
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
przemyslawolsze
New Member
07-05-2016
05:09 AM
In my application i am trying display logs from logger.
So my source structure:
Application - application name
Interface - logger name
Level - log level
My search query :
index="log_index" sourcetype=log_source| eval logger = Application + ":" + Interface + " - " + Level | eval error= if(Level == "Error", 1, 0) | eval warn= if(Level == "Warn", 1, 0) | eval info= if(Level == "Info", 1, 0) | eval fatal= if(Level == "Fatal", 1, 0)| search fatal=1 OR error=1 OR warn=1 OR info=0| stats count(Level) by logger sort by count(Level) desc
I set my options as:
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.text">title</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bar</option>
<option name="charting.chart.bubbleMaximumSize">500</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">minmax</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">1</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.chart">column</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.fieldColors">{"error":0xFF0000,"warn":0xFFFF00, "info":0x73A550, "fatal": 0x000000}</option>
<option name="charting.seriesColors">[0xFF0000,0xFFFF00,0x00FF00, 0x000000]</option>
My aim:
I would like to match bar color to level for each logger (application plus interface plus level). So bar with level fatal should be red, error black etc etc.
I hope someone of you will know how to configure that tool.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
07-05-2016
12:13 PM
Try this for your query
index="log_index" sourcetype=log_source Level="Error" OR Level="Warn" OR Level="Info" OR Level="Fatal" | eval logger = Application + ":" + Interface | chart count over logger by Level | addtotals | sort -Total | fields - Total
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
07-05-2016
12:13 PM
Try this for your query
index="log_index" sourcetype=log_source Level="Error" OR Level="Warn" OR Level="Info" OR Level="Fatal" | eval logger = Application + ":" + Interface | chart count over logger by Level | addtotals | sort -Total | fields - Total
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
przemyslawolsze
New Member
07-06-2016
12:36 AM
Unbelievable. Now this tool make sense 😄
Thank you.
Get Updates on the Splunk Community!
.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...
If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...
A Season of Skills: New Splunk Courses to Light Up Your Learning Journey
There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...
Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...
Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...
