@pnahar, if you are on Splunk version 6.5 or higher, in your SPL you can add
| fillnull value=" "
Or do something similar using eval
| eval yourFieldName=if(isnull(yourFieldName)," ",yourFieldName)
Then you can use
expression to apply color palette to
yourFieldName. Refer to documentation: https://docs.splunk.com/Documentation/Splunk/latest/Viz/TableFormatsXML#Color_palette_types_and_opti...
<format type="color" field="yourFieldName"> <colorPalette type="expression">if (value == " ", "#65A637", "#0000FF")</colorPalette> </format>
Can you please help me modifying expression part.
I need like this, say
the value in cell is "abc" then #color1,
if the value in the cell is in between 0< value <50 then #color2,
if the value in the cell is in between 50< value <100 then #color3.
How can I make complex expression which has combination of conditional statements and ranges?
Thanks to @jeffland seems like it colorPalette expression started to work with
case() expression. Not sure which version onward but works in Splunk 8.x. Following is an answer which uses
match() for applying
colorPalette based on
Refer to comment by @TonyLeeVT where multiple
nested if can be used to set more than two color values using
colorPalette type as
expression https://answers.splunk.com/answers/26522/if-statment-or-nested-if.html#comment-677995. Do up vote his comment if you find the same useful!
@pnahar, I think
expression supports only
if() and not
case(). So you would be able to set only two color through it i.e. either
<format type="color" field="data"> <colorPalette type="expression">if(match(value,"abc"),"#555555","#D93F3C")</colorPalette> </format>
<format type="color" field="data"> <colorPalette type="expression">if(value>0 AND value<50,"#65A637","#D93F3C")</colorPalette> </format>
If you need more complex scenario to be handled, you would need to use Simple XML JS and CSS Extension. There are several examples in Splunk Dashboard Examples App and here on Splunk Answers. You would need to adjust one as per your need.
Let us know if you need further assistance with that. Here is one example for a different use case but logic is mostly the same: https://answers.splunk.com/answers/581747/change-row-color-when-the-field-time-value-increas.html