How can I change the color on individual columns i...

JMFrank215 · ‎12-16-2020

So I have seen questions that are similar but I can't seem to find anything that helps with my specific question. I have the following search:

index=x sourcetype="y"
| stats avg(ResponseTime) as "Average Response Time" by Consumer
| eval "Average Response Time"=round('Average Response Time',0)
| replace "comp_a" with "Company A" "comp_b" with "Company B" "comp_c" with "Company C"

This returns the below column chart:

The only issue I am having from this point, is that I cannot figure out how to change the color of individual columns (e.g. make the Company A column red, Company B column blue, Company C column green) since they are all displaying that avg(ResponseTime) value. I am currently using this "<option name="charting.seriesColors">[0x006D9C]</option>" within the chart source to make it this shade of blue. But even if I add commas with other colors within the seriesColors brackets, it does not work. Any suggestions?

to4kawa · ‎12-17-2020

company	comp_a	comp_b	comp_c
Consumer	200	300	400

please make the table like above.

JMFrank215 · ‎12-18-2020

yeah this did not do what I wanted it to. I do not want to set the comps_ to those values, I want the different companies to show the avg(ResponseTime). I don't understand what the fillnull is doing because I don't have any data named "company". Same goes for the last line that created the table

to4kawa · ‎12-17-2020

sample:

index=_internal | head 1 | fields _raw
| eval comp_a=200,comp_b=300,comp_c=400
| fillnull company value="Consumer"
| table company comp_*

please make the table like above.

JMFrank215 · ‎12-17-2020

This did not work for me, maybe you could explain what that is doing and I could modify as necessary?

How can I change the color on individual columns in a column chart

chart

CSS

panel

simple XML

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes