Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a Table Formats Coloring

MeMilo09
Path Finder
‎02-24-2022 05:15 PM

Hello Splunk Community, 

I am trying to replicate a heat map using the table formats app available through Splunk.  I see the coloring of the cells when I use the stats command as below, but I need to have the data show as a chart. The issue is when I use chart all the color goes away from the table. Is there a work around for this problem? 

 

<dashboard>
  <label>Table Formats</label>
  <description>Format columns using built-in table formats (coloring, number formatting).</description>
  <row>
    <panel>
      <table>
        <search>
          <query>
        index="Dept_data_idx"  eventType="Created" status="success" host=* | bucket _time span=1h | stats  count by _time host
          </query>
          <earliest>-7d</earliest>
          <latest>now</latest>
        </search>
       <format type="color" field="count">
          <colorPalette type="minMidMax" maxColor="#31A35F" minColor="#FFFFFF"></colorPalette>
          <scale type="minMidMax"></scale>
        </format>
      </table>
      <html>   
      </html>
    </panel>
    </row>
</dashboard>

 


 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-25-2022 12:28 AM

When you use chart, the field names become the values of your second dimension, host in your case. Try removing the filed="count" attribute from the format tag. this should apply the format to all fields, so you may need to add an extra format tag to undo this for fields you don't want this formatting to apply to.

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-25-2022 12:28 AM

When you use chart, the field names become the values of your second dimension, host in your case. Try removing the filed="count" attribute from the format tag. this should apply the format to all fields, so you may need to add an extra format tag to undo this for fields you don't want this formatting to apply to.

Reply
Solved! Jump to solution

MeMilo09
Path Finder
‎02-25-2022 02:18 PM

Hi @ITWhisperer 

Thanks removing the filed="count"  did the trick. Would you help me understand why this works? So far I understand that the field names become values with  chart... but don't understand how removing count from  field helped with this problem. <format type="color" field="    ">

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-25-2022 03:06 PM

The field attribute to the format tag identifies which field to apply the format to. By removing this, it is applied to all fields. The chart command creates a table with columns for time and each host. None of the fields are called count any more, which is why the formatting stopped working when you replaced stats with chart.

Reply
Solved! Jump to solution

MeMilo09
Path Finder
‎02-26-2022 12:37 PM

Great, thanks!

0 Karma
Reply
Solved! Jump to solution

tshah-splunk
Splunk Employee
Splunk Employee
‎02-24-2022 07:56 PM

Hey @MeMilo09,

You can use different options for formatting the chart. The reference for chart options can be found here - https://docs.splunk.com/Documentation/Splunk/8.2.4/Viz/ChartConfigurationReference 

This will help you enable colors in the heat map using chart as well.

---
If you find the answer helpful, an upvote/karma is appreciated
Reply
Get Updates on the Splunk Community!

See Splunk Platform & Observability Innovations at Cisco Live EMEA

Hi Splunkers, Learn about what’s next for Splunk Platform at Cisco Live EMEA.  Data silos are a big challenge ...

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...