Solved: Timechart Help required

sathish2k8 · ‎01-16-2018

Folks,

I am doing log file monitoring, using this

index=os host="" "" | timechart count

I want the chart to display red color whenever there is ERROR and Yellow color whenever there is a Warning. Please guide me.

cmerriman · ‎01-17-2018

you're going to need to adjust your search to include the INFORM/ERROR/WARNING

index=os host="" "" |rex field=_raw "(?<status>.*)----"| timechart count by status

if you are on a newer version of Splunk (6.6+), you can highlight the values of status using the formatting options in the table.
http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Viz/TableFormatsFormatting#Column_color

cmerriman · ‎01-17-2018

you're going to need to adjust your search to include the INFORM/ERROR/WARNING

index=os host="" "" |rex field=_raw "(?<status>.*)----"| timechart count by status

if you are on a newer version of Splunk (6.6+), you can highlight the values of status using the formatting options in the table.
http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Viz/TableFormatsFormatting#Column_color

Timechart Help required