Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to apply color based on the field

rchams
Explorer
‎08-24-2020 08:47 AM

Please help to find out the way to apply color based on field.

 

my query:

 

index=<> sourcetype=<>

|timechart count(httpResponsecode) as httpcount by httpResponsecode

 

test doc for splunk.PNG

 

 

Required solution:

Color is not based on count, color is based on field value

if httpResponsecode = 200-299 the count of the httpResponsecode shows in GREEN

httpResponsecode = 300-399 the count of the httpResponsecode shows in GREEN

httpResponsecode = 400-499 the count of the httpResponsecode shows in YELLOW

httpResponsecode = 500-599 the count of the httpResponsecode shows in RED

 

Note: I'm not looking for trendline and sparkline as well. I just need total count of each httpResponsecode but the count value shown in different color based on the httpResponsecode value.

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rchams
Explorer
‎08-24-2020 10:50 AM

| eval range = case(esb_http_status_code like "40%" AND http_count>0, "elevated", esb_http_status_code like "50%" AND http_count>0, "high", 1=1, "low")

this one worked

 

test2.PNG

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-24-2020 09:45 AM

Hi @rchams,

you have to setup colors in Format Visualization: [Edit -- Format Visualization -- Color -- Use Color=Yes -- Color By Value] settings the value intervals for each color:

        <option name="colorBy">value</option>
        <option name="colorMode">none</option>
        <option name="rangeColors">["0x555","0x53a051","0x53a051","0xf8be34","0xdc4e41","0x555"]</option>
        <option name="rangeValues">[200,299,399,499,599]</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="useColors">1</option>

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

rchams
Explorer
‎08-24-2020 09:47 AM

Hi gcusello,

@gcusello The range logic is not working for colors.  I'm looking for colors based on the field value.

httpResponsecode      count

200                                       5

500                                       6

 

The range is applying for count not the httpResponsecode.

 

I'm looking for the result like, if httpResponsecode is 200 the count of the 200 shows in green.

0 Karma
Reply
Solved! Jump to solution
Solution

rchams
Explorer
‎08-24-2020 10:50 AM

| eval range = case(esb_http_status_code like "40%" AND http_count>0, "elevated", esb_http_status_code like "50%" AND http_count>0, "high", 1=1, "low")

this one worked

 

test2.PNG

 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...