- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to get a Column / Bar Chart change color of ba...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
Have searched for many months and unable to locate what i need. something i believe should be so simple is alluding me..looking for some help on this.
I am trying to change the colour of a bar / column chart to represent a different colour per the size of the shop and showing how many alarm incidents they have had. Visually this should allow me to see a comparison of alerts across my Large shops / my Small Shops by looking at a color only and not having to remember each shops size. ie all green shops are small.
My test table is as followed : On my Graph i would like for the Size of the Shop to be color coded - Large - blue, Medium-yellow, Small-green ( the color of the 3 sizes i am not fussy on) .
| Shop | Size | TypeReport | NoEvents |
| A | Large | FrontAlarm | 76 |
| A | Large | BackAlarm | 115 |
| B | Small | FrontAlarm | 37 |
| B | Small | BackAlarm | 132 |
| C | Medium | FrontAlarm | 81 |
| C | Medium | BackAlarm | 39 |
| D | Large | FrontAlarm | 159 |
| D | Large | BackAlarm | 110 |
| E | Small | FrontAlarm | 26 |
| E | Small | BackAlarm | 71 |
| F | Medium | FrontAlarm | 113 |
| F | Medium | BackAlarm | 49 |
I have tried several Evals but just do not see to be able to get this right. I have tried to follow several answers within the splunk community on this topic, but due to the answers evaluating time - its throwing me out and thus losing that last piece to the puzzle - i have been trying things such as -
| inputlookup Testcolor.csv
| search TypeReport="FrontAlarm"
| stats count by NoEvents
| eval {NoEvents}=count
| fields - count
and changing the source with the below but still no luck.
<option name="charting.fieldColors">{"A":#32a838,"B":#006D9C,"C":#006D9C,"D":#32a838,"E":#006D9C,"F":#006D9 }</option>
To even trying
| inputlookup Testcolor.csv
| search TypeReport="FrontAlarm"
| stats count by NoEvents
| eval Shop="A, B, C, D, E, F"
| makemv Shop delim=","
| mvexpand Shop
| eval count=NoEvents
| table Shop count
| eval {Shop}=count
| fields - count
The above Seemed to get me close but no cigar. I have another 6 weeks before i really need to figure this out, any help would be appreciated. ( Id also prefer to build this in dashboard studio if that does help my problem - i am also only using static data so times are pulled in)
Cheers
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The charting option applies to the colour used for the series. Due to the nature of your data, each shop has values for only one series so the chart will look unbalanced. Essentially, the xyseries command allows you to define which fields are to be used for the x-axis in the chart (Shop), the y-axis (NoEvents) and the different series shown in the chart (Size). The parameters to the xyseries command are really x, series, y. Or to look at it another way, the chart uses the first column of the table (produced by the xyseries command in this case) as the x-axis, the other columns for the names of the series, and the values as to be shown in the y-direction.
| xyseries Shop Size NoEvents
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The charting option applies to the colour used for the series. Due to the nature of your data, each shop has values for only one series so the chart will look unbalanced. Essentially, the xyseries command allows you to define which fields are to be used for the x-axis in the chart (Shop), the y-axis (NoEvents) and the different series shown in the chart (Size). The parameters to the xyseries command are really x, series, y. Or to look at it another way, the chart uses the first column of the table (produced by the xyseries command in this case) as the x-axis, the other columns for the names of the series, and the values as to be shown in the y-direction.
| xyseries Shop Size NoEvents
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That worked perfectly. .. wow, thank you I didn't know that function existed, I had seen it written before in others comments, but never really sure how it worked or constructed itself....I now get it from the way that you have written your response..
Thank you, I've been looking for this for months and your answer, is so simple compared to way I was trying to go and has taught me something new for the day.
Cheers, Lou
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
