How do I color the background based on Time Condit...

Vaale · ‎11-28-2022

Before 7:05 – green
Between 7:05 and 7:45 – yellow
After 7: 45 – red

How can I implement this logic in Splunk?

written a Javascript logic but its throwing an error where < and > are used.

Can someone please help me to process this? Thanks in Advance. !

bowesmana · ‎11-28-2022

You can't put JS inside the XML, you have to add JS files to appserver/static and reference them from the dashboard with <form script="myjs.js">

However, if you're just looking to colour boxes, then see this example dashboard that uses conditions to set colours - 3 examples.

You can use either of the fist two techniques to colour the box

<dashboard>
  <label>colour_box</label>
  <row>
    <panel depends="$hide_css$">
      <html>
        <style>
          #verdict rect {
            fill: $verdict_background$ !important;
          }
          #verdict text {
            fill: $verdict_foreground$ !important;
          }
        </style>
      </html>
    </panel>
    <panel>
      <single id="verdict">
        <title>Verdict - use CSS to style box</title>
        <search>
          <query>| makeresults
          | eval verdict=mvindex(split("Pass,Fail",","), random() % 2)
          </query>
          <done>
            <eval token="verdict_background">if($result.verdict$="Pass", "green", "red")</eval>
            <set token="verdict_foreground">black</set>
          </done>
        </search>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="height">60</option>
        <option name="rangeColors">["0x53a051","0xdc4e41"]</option>
        <option name="rangeValues">[0]</option>
        <option name="useColors">1</option>
      </single>
    </panel>
    <panel>
      <single>
        <title>Verdict 2 - define range based on pass/fail verdict</title>
        <search>
          <query>| makeresults
          | eval verdict=mvindex(split("Pass,Fail",","), random() % 2)
          | eval range=if(verdict=="Pass", "low", "severe")
          | table verdict range
          </query>
        </search>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="height">60</option>
        <option name="field">verdict</option>
      </single>
    </panel>
    <panel>
      <single>
        <title>Time Age - more than 3 days is red</title>
        <search>
          <query>| makeresults
          | eval timestamp=now() - (random() % 7) * 86400
          | eval range=if(timestamp &lt; relative_time(now(), "-3d"), "severe", "low")
          | eval timestamp=strftime(timestamp, "%F %T")
          | table timestamp range</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="field">timestamp</option>
        <option name="height">60</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>

How do I color the background based on Time Conditions?

CSS

dashboard

Dashboard Studio

form

javascript

single value

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation

How do I color the background based on Time Conditions?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.