Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to colour individual bar on a bar chart?

willsy
Communicator
‎04-18-2023 12:11 PM

Hello, 

I have a search that returns the status "UP" / "DOWN" for various groups. 
At the moment both UP and down are the same colour. 

how do i return the;
status=up green
status=down red

Edit ** Code
index=test host=ABC source=table.csv sourcetype=csv Group=Snow*
| eval Group=if(Group="Snow Day Here we come 12345","Snow",Group)
| eval Status=if(Status="Down (Acknowledged)", "Down", Status)
| dedup _raw
| stats count by Status

This gives me
Status                     Count
Down                      12
Up                            45

I would like those in a bar chart one column as red one as green

Labels (2)
Labels
Tags (2)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-18-2023 02:51 PM

You can't have different colours for bars in the same series, only different colours for different series.

0 Karma
Reply

yeahnah
Motivator
‎04-18-2023 01:41 PM

Hi @willsy 

It's often useful if you show your SPL code too as that sets the output which defines how the output will look in the chart.

Anyway, here's a run anywhere example of a bar chart with different colours for UP or DOWN

 

| makeresults | eval count="1 2", count=split(count, " ") | mvexpand count
| eval count=count%2
      ,status=if(count=1, "UP", "DOWN")
      ,count=1
 ``` SPL above creates dummy event ``` 
| chart max(count) OVER count BY status

 

yeahnah_0-1681850454675.png

Hope it helps to get you going

 

0 Karma
Reply

willsy
Communicator
‎04-18-2023 11:49 PM

I have put the search above, hopefully that helps.

0 Karma
Reply

yeahnah
Motivator
‎04-19-2023 01:20 PM

Try this...

index=test host=ABC source=table.csv sourcetype=csv Group=Snow*
| eval Group=if(Group="Snow Day Here we come 12345","Snow",Group)
| eval Status=if(Status="Down (Acknowledged)", "Down", Status)
| dedup _raw
| chart max(Count) OVER Count BY Status
| filldown
| tail 1
| eval Status=""
| table Status Down Up
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...