Dashboards & Visualizations

Splunk dashboard table - how to add colors based on Threshold values for Dynamic column names?

shashankk
Communicator

Hello Team

I am having a Dashboard created with below Table output. The table is having a dynamic column names (in Date format)

Output as below:

TestMQ2023-06-232023-06-222023-06-212023-06-202023-06-192023-06-182023-06-172023-06-16And so on - till 30 days
MQ.NAME5.0317.0425.7519.8232.1456.8110.9185.14....


My requirement is to color code these values based on the threshold condition as "[<60 = Green] | [>85 = Red] | [>60 AND <85 = Amber]"

I am new to Splunk and still learning. Kindly suggest how this can be achieved i.e. to modify the dynamic Column values based on the Threshold conditions.

@ITWhisperer

0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

Try removing field so that it applies to all fields.

View solution in original post

shashankk
Communicator

@ITWhisperer - Do you have any suggestions on this please? 

  • Are we suppose to Hard code all possible values and specify the Threshold condition? 
  • How do we use wildcard search here which will apply to all possible Date format values ?

    Example below:

    Date Format: 2023-06-27

    <format type="color" field="202*-*-*">
    <colorPalette type="list">[#53A051,#F1813F,#DC4E41]</colorPalette>
    <scale type="threshold">60,85</scale>
    </format>
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Try removing field so that it applies to all fields.

shashankk
Communicator

@ITWhisperer - Thank you - this works fine! 🙂

0 Karma

dural_yyz
Builder

Formatting columns with color is answered here:

https://community.splunk.com/t5/Dashboards-Visualizations/How-to-color-table-cell-on-dashboard-based...

They referenced the document link here:

http://docs.splunk.com/Documentation/Splunk/latest/Viz/TableFormatsXML

 

You want to do column color formats for dynamically named columns which does not appear possible based upon current documentation for xml dashboards.  In the table settings the color tablet is applied at the field name level.  A dynamically named field can not be accounted for unless you were to hard code all possible options.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...