How do I color the background based on Time Condit...

Vaale · ‎11-28-2022

Before 7:05 – green
Between 7:05 and 7:45 – yellow
After 7: 45 – red

How can I implement this logic in Splunk?

written a Javascript logic but its throwing an error where < and > are used.

Can someone please help me to process this? Thanks in Advance. !

bowesmana · ‎11-28-2022

You can't put JS inside the XML, you have to add JS files to appserver/static and reference them from the dashboard with <form script="myjs.js">

However, if you're just looking to colour boxes, then see this example dashboard that uses conditions to set colours - 3 examples.

You can use either of the fist two techniques to colour the box

<dashboard>
  <label>colour_box</label>
  <row>
    <panel depends="$hide_css$">
      <html>
        <style>
          #verdict rect {
            fill: $verdict_background$ !important;
          }
          #verdict text {
            fill: $verdict_foreground$ !important;
          }
        </style>
      </html>
    </panel>
    <panel>
      <single id="verdict">
        <title>Verdict - use CSS to style box</title>
        <search>
          <query>| makeresults
          | eval verdict=mvindex(split("Pass,Fail",","), random() % 2)
          </query>
          <done>
            <eval token="verdict_background">if($result.verdict$="Pass", "green", "red")</eval>
            <set token="verdict_foreground">black</set>
          </done>
        </search>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="height">60</option>
        <option name="rangeColors">["0x53a051","0xdc4e41"]</option>
        <option name="rangeValues">[0]</option>
        <option name="useColors">1</option>
      </single>
    </panel>
    <panel>
      <single>
        <title>Verdict 2 - define range based on pass/fail verdict</title>
        <search>
          <query>| makeresults
          | eval verdict=mvindex(split("Pass,Fail",","), random() % 2)
          | eval range=if(verdict=="Pass", "low", "severe")
          | table verdict range
          </query>
        </search>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="height">60</option>
        <option name="field">verdict</option>
      </single>
    </panel>
    <panel>
      <single>
        <title>Time Age - more than 3 days is red</title>
        <search>
          <query>| makeresults
          | eval timestamp=now() - (random() % 7) * 86400
          | eval range=if(timestamp &lt; relative_time(now(), "-3d"), "severe", "low")
          | eval timestamp=strftime(timestamp, "%F %T")
          | table timestamp range</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="field">timestamp</option>
        <option name="height">60</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>

How do I color the background based on Time Conditions?

CSS

dashboard

Dashboard Studio

form

javascript

single value

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Are you a member of the Splunk Community?

How do I color the background based on Time Conditions?