Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to apply color based on the field

rchams
Explorer
‎08-24-2020 08:47 AM

Please help to find out the way to apply color based on field.

 

my query:

 

index=<> sourcetype=<>

|timechart count(httpResponsecode) as httpcount by httpResponsecode

 

test doc for splunk.PNG

 

 

Required solution:

Color is not based on count, color is based on field value

if httpResponsecode = 200-299 the count of the httpResponsecode shows in GREEN

httpResponsecode = 300-399 the count of the httpResponsecode shows in GREEN

httpResponsecode = 400-499 the count of the httpResponsecode shows in YELLOW

httpResponsecode = 500-599 the count of the httpResponsecode shows in RED

 

Note: I'm not looking for trendline and sparkline as well. I just need total count of each httpResponsecode but the count value shown in different color based on the httpResponsecode value.

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rchams
Explorer
‎08-24-2020 10:50 AM

| eval range = case(esb_http_status_code like "40%" AND http_count>0, "elevated", esb_http_status_code like "50%" AND http_count>0, "high", 1=1, "low")

this one worked

 

test2.PNG

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-24-2020 09:45 AM

Hi @rchams,

you have to setup colors in Format Visualization: [Edit -- Format Visualization -- Color -- Use Color=Yes -- Color By Value] settings the value intervals for each color:

        <option name="colorBy">value</option>
        <option name="colorMode">none</option>
        <option name="rangeColors">["0x555","0x53a051","0x53a051","0xf8be34","0xdc4e41","0x555"]</option>
        <option name="rangeValues">[200,299,399,499,599]</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="useColors">1</option>

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

rchams
Explorer
‎08-24-2020 09:47 AM

Hi gcusello,

@gcusello The range logic is not working for colors.  I'm looking for colors based on the field value.

httpResponsecode      count

200                                       5

500                                       6

 

The range is applying for count not the httpResponsecode.

 

I'm looking for the result like, if httpResponsecode is 200 the count of the 200 shows in green.

0 Karma
Reply
Solved! Jump to solution
Solution

rchams
Explorer
‎08-24-2020 10:50 AM

| eval range = case(esb_http_status_code like "40%" AND http_count>0, "elevated", esb_http_status_code like "50%" AND http_count>0, "high", 1=1, "low")

this one worked

 

test2.PNG

 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...