Dashboards & Visualizations

Splunk dashboard table - how to add colors based on Threshold values for Dynamic column names?

shashankk
Communicator

Hello Team

I am having a Dashboard created with below Table output. The table is having a dynamic column names (in Date format)

Output as below:

TestMQ2023-06-232023-06-222023-06-212023-06-202023-06-192023-06-182023-06-172023-06-16And so on - till 30 days
MQ.NAME5.0317.0425.7519.8232.1456.8110.9185.14....


My requirement is to color code these values based on the threshold condition as "[<60 = Green] | [>85 = Red] | [>60 AND <85 = Amber]"

I am new to Splunk and still learning. Kindly suggest how this can be achieved i.e. to modify the dynamic Column values based on the Threshold conditions.

@ITWhisperer

0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

Try removing field so that it applies to all fields.

View solution in original post

shashankk
Communicator

@ITWhisperer - Do you have any suggestions on this please? 

  • Are we suppose to Hard code all possible values and specify the Threshold condition? 
  • How do we use wildcard search here which will apply to all possible Date format values ?

    Example below:

    Date Format: 2023-06-27

    <format type="color" field="202*-*-*">
    <colorPalette type="list">[#53A051,#F1813F,#DC4E41]</colorPalette>
    <scale type="threshold">60,85</scale>
    </format>
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Try removing field so that it applies to all fields.

shashankk
Communicator

@ITWhisperer - Thank you - this works fine! 🙂

0 Karma

dural_yyz
Builder

Formatting columns with color is answered here:

https://community.splunk.com/t5/Dashboards-Visualizations/How-to-color-table-cell-on-dashboard-based...

They referenced the document link here:

http://docs.splunk.com/Documentation/Splunk/latest/Viz/TableFormatsXML

 

You want to do column color formats for dynamically named columns which does not appear possible based upon current documentation for xml dashboards.  In the table settings the color tablet is applied at the field name level.  A dynamically named field can not be accounted for unless you were to hard code all possible options.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...