Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to Color a cell based on the increment rate from the previous value

yifatcy
Path Finder
‎06-14-2022 05:05 AM

Hi,

Say I have the following table:

Name  2022-06-07 10:01:14 2022-06-07 22:01:13 2022-06-08 10:01:11 2022-06-08 22:01:25 2022-06-09 10:01:22 2022-06-09 22:00:59 2022-06-10 10:01:28
a 301 300 302 303 301 400 412
b 200 220 235 238 208 300 302

Can I color a cell based on the increment rate from the previous value? for instance- if the value increased by 10%, it will be yellow, 20% would be Orange and so on. 
I'm looking for a solution based on simple xml where no additional files are needed.

Thanks.

Labels (5)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-14-2022 06:16 AM

You can try something like this

| foreach *-*
    [| eval <<FIELD>>=if(isnull(_previous),'<<FIELD>>',mvappend('<<FIELD>>',if(tonumber(mvindex('<<FIELD>>',0))/tonumber(_previous)<1.1,"GREEN",if(tonumber(mvindex('<<FIELD>>',0))/tonumber(_previous)<1.2,"YELLOW",if(tonumber(mvindex('<<FIELD>>',0))/tonumber(_previous)<1.3,"ORANGE","RED")))))
    | eval _previous=mvindex('<<FIELD>>',0)]

and then follow the recommendations in other solutions such as this https://community.splunk.com/t5/Dashboards-Visualizations/How-to-update-table-cell-color-as-per-the-... 

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-14-2022 06:16 AM

You can try something like this

| foreach *-*
    [| eval <<FIELD>>=if(isnull(_previous),'<<FIELD>>',mvappend('<<FIELD>>',if(tonumber(mvindex('<<FIELD>>',0))/tonumber(_previous)<1.1,"GREEN",if(tonumber(mvindex('<<FIELD>>',0))/tonumber(_previous)<1.2,"YELLOW",if(tonumber(mvindex('<<FIELD>>',0))/tonumber(_previous)<1.3,"ORANGE","RED")))))
    | eval _previous=mvindex('<<FIELD>>',0)]

and then follow the recommendations in other solutions such as this https://community.splunk.com/t5/Dashboards-Visualizations/How-to-update-table-cell-color-as-per-the-... 

Reply
Solved! Jump to solution

yifatcy
Path Finder
‎06-14-2022 07:32 AM

Perfect! it worked,

One more thing, how do I remove the color name from the final output?

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-14-2022 08:33 AM

That's part of the solution - you have some embedded CSS (no additional files), which set the display type to none for the second (index 1) multi-part cell.

Possibly clearer to see here https://community.splunk.com/t5/Splunk-Search/How-to-change-table-cell-background-color-depends-on-s... 

Reply
Solved! Jump to solution

yifatcy
Path Finder
‎06-14-2022 08:42 AM

Great!, had a syntax problem but now worked. Thanks again

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...