Hi all,
I have a single value visualisation added in a dashboard. Its background colour depends on the value shown. (Green for 'Pass' and red for 'Fail'). But somehow it's always giving red background eventhough the value is 'Pass'. Here is the code I use:
```
<panel depends="$hide_css$">
<html>
<style>
#verdict rect {
fill: $verdict_background$ !important;
}
#verdict text {
fill: $verdict_foreground$ !important;
}
</style>
</html>
</panel>
<panel>
<single id="verdict">
<search>
<query>index=temp_index
| search splunk_id=$splunk_id$
| eval ver = verdict.$campaigns_included$
| table verdict.$campaigns_included$
</query>
<done>
<eval token="verdict_background">if($result.ver$=="Pass", "green", "red")</eval>
<set token="verdict_foreground">black</set>
</done>
</search>
<option name="colorMode">block</option>
<option name="drilldown">none</option>
<option name="height">60</option>
<option name="rangeColors">["0x53a051","0xdc4e41"]</option>
<option name="rangeValues">[0]</option>
<option name="useColors">1</option>
</single>
</panel>
```
$campaigns_included$ is the value that's chosen on a dropdown. Pls help, any help would be appreciated. @bowesmana requesting for expertise here!
Ah, of course, the field name verdict.$campaigns_included$ has a '.' character in the middle, so when using field names with non simple characters in them, you need to wrap the eval statement in single quotes, i.e.
| eval ver = 'verdict.$campaigns_included$'
if you changed the field name to verdict_$campaigns_included$, then you would not need the double quotes
However, I just realised that you don't need the two fields as they are the same value, so why not just use the single field?
Note that if you do use the single field, then the <eval> token statement will also need to contain the single quotes, although I've not tested that.
This worked. Thanks @bowesmana!
Hi @bowesmana, sadly this isn't working,
```
table ver verdict.$campaigns_included$
```
this piece of query is creating 2 columns (ver and verdict.$campaigns_included$) but ver column is empty while verdict.$campaigns_included$ column has the value Pass. Not sure what's missing here.
Ah, of course, the field name verdict.$campaigns_included$ has a '.' character in the middle, so when using field names with non simple characters in them, you need to wrap the eval statement in single quotes, i.e.
| eval ver = 'verdict.$campaigns_included$'
if you changed the field name to verdict_$campaigns_included$, then you would not need the double quotes
However, I just realised that you don't need the two fields as they are the same value, so why not just use the single field?
Note that if you do use the single field, then the <eval> token statement will also need to contain the single quotes, although I've not tested that.
You are calculating the ver field
| eval ver = verdict.$campaigns_included$
| table verdict.$campaigns_included$
but your table statement immediately removes it.
If you want the ver field to be available, you can add a <fields> statement into the XML, however, I don't believe the fields statement can contain dynamic fields based on tokens.
The way to solve this is to do the same search in two searches, the first a hidden table that calculates the two fields and sets the token accordingly, and the second, your original single display, that will just the the hidden search as the base search and just only display the field you want.
Note: Not tested
<table depends="$do_not_display$">
<search id="verdict_base">
<query>index=fakt-remote
| search splunk_id=$splunk_id$
| eval ver = verdict.$campaigns_included$
| table ver verdict.$campaigns_included$
</query>
<done>
<eval token="verdict_background">if($result.ver$=="Pass", "green", "red")</eval>
<set token="verdict_foreground">black</set>
</done>
</search>
</table>
<single id="verdict">
<search base="verdict_base">
<query>
| table verdict.$campaigns_included$
</query>
</search>
<option name="colorMode">block</option>
<option name="drilldown">none</option>
<option name="height">60</option>
<option name="rangeColors">["0x53a051","0xdc4e41"]</option>
<option name="rangeValues">[0]</option>
<option name="useColors">1</option>
</single>