this is my search:

|search index=****** interfaceName=*
|stats values(interfaceName) as importer
|join type=lest
     [|search index=****** Code=*
        [|inputlookup importers.csv
         |table interfaceName]
      |lookup importers.csv interfaceName OUTPUTNEW system timeRange
      |where like(system, "%") 
      |stats
         values(system) as reality
         values(timeRange) as max_time
|eval importer_in_csv=if(isnull(max_time),0,1)

I want to color the importer column if importer_in_csv = 0
How do I do it in XML?
thanks!!

You first mention colouring the column, then the row - if you want to colour the column then you can do it if your importer is a single value field - from your search you are doing stats values().. as importer, but the principle of colouring a column (not row) based on its relation to another field is to make the column you want to colour a multivalue field by appending the indicator, e.g.

| eval importer=mvappend(importer, importer_in_csv)

and to then limit the number of values shown for that field to 1 with some CSS, e.g.

<html depends="$hidden$">
  <style>
    #coloured_cell table tbody td div.multivalue-subcell[data-mv-index="1"]{
      display: none;
    }
  </style>
</html>

and then to use a format statement in the table definition

<format type="color" field="importer">
  <colorPalette type="expression">case(mvindex(value, 1) == "0", "#FF0000", mvindex(value, 1) == "1", "#00FF00")</colorPalette>
</format>

However, it's not clear from your search what your data actually looks like as the join subsearch is not terminated, so it's not clear where it ends and you don't appear to have any common fields to join with.

@bowesmana The problem with this method (which I hinted at) is that the field in question is already a multi-value field, and this method hides the second value (which with this method would be an indicator for the colour), but it looks like (from the search shared by OP) this may contain actual data values.

@ITWhisperer yes, agreed, but going on the search, it seems to be handwritten rather than copy/paste (type=lest) and it wasn't clear to me if the data really is MV or SV. I couldn't figure out what in fact the join was doing without any common fields - it's effectively an appendcols with no correlation between importer values.

That colouring technique is certainly only suitable for SV fields.

@bowesmana I have got it to work with MV but the colouring element has to be at the beginning and hidden, which means every field has to become a MV with some sort of colour indicator prepended. It is a little messy and until it is clear what is actually going on with the search, I didn't want to spend too much time on it. 😎

Given your search, you have a multi-value field - if you coloured this it would be the whole field, not just the importer that was missing. Is this what you really want?

Yes
I want it to color the entire row if the importer_in_csv = 0