Dashboards & Visualizations

How to create a Table Formats Coloring

MeMilo09
Path Finder

Hello Splunk Community, 

I am trying to replicate a heat map using the table formats app available through Splunk.  I see the coloring of the cells when I use the stats command as below, but I need to have the data show as a chart. The issue is when I use chart all the color goes away from the table. Is there a work around for this problem? 

 

<dashboard>
  <label>Table Formats</label>
  <description>Format columns using built-in table formats (coloring, number formatting).</description>
  <row>
    <panel>
      <table>
        <search>
          <query>
        index="Dept_data_idx"  eventType="Created" status="success" host=* | bucket _time span=1h | stats  count by _time host
          </query>
          <earliest>-7d</earliest>
          <latest>now</latest>
        </search>
       <format type="color" field="count">
          <colorPalette type="minMidMax" maxColor="#31A35F" minColor="#FFFFFF"></colorPalette>
          <scale type="minMidMax"></scale>
        </format>
      </table>
      <html>   
      </html>
    </panel>
    </row>
</dashboard>

 


 

Labels (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

When you use chart, the field names become the values of your second dimension, host in your case. Try removing the filed="count" attribute from the format tag. this should apply the format to all fields, so you may need to add an extra format tag to undo this for fields you don't want this formatting to apply to.

View solution in original post

ITWhisperer
SplunkTrust
SplunkTrust

When you use chart, the field names become the values of your second dimension, host in your case. Try removing the filed="count" attribute from the format tag. this should apply the format to all fields, so you may need to add an extra format tag to undo this for fields you don't want this formatting to apply to.

MeMilo09
Path Finder

Hi @ITWhisperer 

Thanks removing the filed="count"  did the trick. Would you help me understand why this works? So far I understand that the field names become values with  chart... but don't understand how removing count from  field helped with this problem. <format type="color" field="    ">

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

The field attribute to the format tag identifies which field to apply the format to. By removing this, it is applied to all fields. The chart command creates a table with columns for time and each host. None of the fields are called count any more, which is why the formatting stopped working when you replaced stats with chart.

MeMilo09
Path Finder

Great, thanks!

0 Karma

tshah-splunk
Splunk Employee
Splunk Employee

Hey @MeMilo09,

You can use different options for formatting the chart. The reference for chart options can be found here - https://docs.splunk.com/Documentation/Splunk/8.2.4/Viz/ChartConfigurationReference 

This will help you enable colors in the heat map using chart as well.

---
If you find the answer helpful, an upvote/karma is appreciated
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...