Solved: How could I change entire bar graph color based on...

Questioner · ‎07-06-2023

I ask this in Stackoverflow, but I couldn't get answer yet.

This is my question.

I want to change bar graph color based on token value.

For example, when I get token name "fruit",I want to change etire bar graph color depend on token like this.

Apple: Red (0xfc4103)
banana : Yellow(0xf5db36)
grape : Purple(0xa536eb)

(When the token data is "Apple", the entire graph color become Red-0xfc4103-)

So I write down code using "charting.fieldColors"

<panel>
  <chart>
    <search>
      <query>
        .......
        | eval paint_chart = case("$fruit$"=="Apple","0xfc4103", "$fruit$"=="banana","0xf5db36", "$fruit$"=="grape","0xa536eb")
        | chart count by amount_DT
        | rename count AS "Number of fruit"
        ...
       <earliest>-10d@d</earliest>
       <latest>now</latest>
     </search>
     ....
    <option name="charting.fieldColors">{"Number of case" : $results.paint_chart$}</option>
  </chart>
</panel>

But it's not working at all. How could I solve this problem?

ITWhisperer · ‎07-06-2023

Try it this way

    <drilldown>
      <set token="fruit">$click.value$</set>
      <eval token="paint_chart">case("$click.value$"=="Apple","0xfc4103", "$click.value$"=="banana","0xf5db36", "$click.value$"=="grape","0xa536eb", 1=1, "0x123456")</eval>
    <drilldown>

View solution in original post

ITWhisperer · ‎07-06-2023

Where does the token $fruit$ come from?

Set another token based on $fruit$ and use that.

          <eval token="paint_chart">case("$fruit$"=="Apple","0xfc4103", "$fruit$"=="banana","0xf5db36", "$fruit$"=="grape","0xa536eb")</eval>

        <option name="charting.seriesColors">[$paint_chart$]</option>

Questioner · ‎07-06-2023

It's come from upper <panel> token like this,

<panel>
  <chart>
    <search>
      <query>.....</query>
    </search>
    <drilldown>
      <set token="fruit">$click.value$</set>
    <drilldown>
  </chart>
</panel>

And Could you please me more specific about "Set another token based on $fruit$?

Is it already use another token pased on $fruit$?

ITWhisperer · ‎07-06-2023

<panel>
  <chart>
    <search>
      <query>.....</query>
    </search>
    <drilldown>
      <set token="fruit">$click.value$</set>
      <eval token="paint_chart">case("$fruit$"=="Apple","0xfc4103", "$fruit$"=="banana","0xf5db36", "$fruit$"=="grape","0xa536eb")</eval>
    <drilldown>
  </chart>
</panel>

Questioner · ‎07-06-2023

Thank you for your help!

But it still not working...😢

I print "paint_chart" token at the graph title, and it show null, even I added 'else case'.

<eval token="paint_chart">case("$fruit$"=="Apple","0xfc4103", "$fruit$"=="banana","0xf5db36", "$fruit$"=="grape","0xa536eb", 1=1, "0x123456)

ITWhisperer · ‎07-06-2023

Try it this way

    <drilldown>
      <set token="fruit">$click.value$</set>
      <eval token="paint_chart">case("$click.value$"=="Apple","0xfc4103", "$click.value$"=="banana","0xf5db36", "$click.value$"=="grape","0xa536eb", 1=1, "0x123456")</eval>
    <drilldown>

Questioner · ‎07-06-2023

Then I can see the whole code about token like this.

When I check the token value like this,

<title> $paint_chart$ </title>

In the UI, It show this.

case("$click.value$"=="Apple","0xfc4103", "$click.value$"=="banana","0xf5db36", "$click.value$"=="grape","0xa536eb", 1=1, "0x12345

ITWhisperer · ‎07-06-2023

It sounds like you have used <set> rather than <eval> as I suggested

Questioner · ‎07-06-2023

OHhhh!

There was a problem with the splunk our company's management server.

Your suggestion works fine.

REALLY REALLY Thank you for your help!😀

How could I change entire bar graph color based on token?

chart

Can’t make it to .conf25? Join us online!

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Are you a member of the Splunk Community?