Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Variable range values with a token?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
catdadof3
Explorer
12-06-2022
11:45 AM
Hi all,
I have a dashboard that has a single value panel. I am trying to make a dynamic panel that will change with the data. I need to display the result number in the panel, but the coloring needs to be dependent on another number.
Example data:
Total Sandwiches Made
| Name | Cheese | Ham | PB | Turkey | sum | marker | topTh | Total |
| 1110 | 270 | 110 | 710 | Total | 2 | 110 | 2200 | |
| Bill | 400 | 100 | 20 | 600 | 2 | 110 | 1120 | |
| Pam | 700 | 120 | 80 | 100 | 2 | 110 | 1000 | |
| Finn | 10 | 50 | 10 | 10 | 1 | 110 | 80 |
And the example SPL:
index=food sourcetype=sandwiches
| stats sum(Cheese) as Cheese sum(Ham) as Ham sum(PB) as PB sum(Turkey) as Turkey by Name
| addtotals row=t col=t labelfield="sum"
| eval topTh=case(sum="Total", (Total*.05), 1=1, null())
| sort topTh
| filldown topTh
| eval marker=if(Total>=topTh, 2,1)
Basically, if the marker is 1, I'd like the color of the number to be one color and a different one for 2 while still displaying the 'Total' field.
I have the options as this:
<option name="colorBy">value</option>
<option name="drilldown">all</option>
<option name="field">Total</option>
<option name="rangeColors">["0x53A051","0xeb5654"]</option>
<option name="rangeValues">[$lowerThresh$,$upperThresh$]</option>
<option name="refresh.display">none</option>
<option name="useColors">1</option>
and additional logic above it:
<done>
<condition match="'result.marker'==2">
<set token="lowerThresh">1</set>
<set token="upperThresh">2</set>
</condition>
</done>
Any help would be greatly appreciated.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bowesmana
SplunkTrust
12-06-2022
01:25 PM
Single value panel from that table will only display the first row right?
Anyway, you can base your threshold on the topTh setting with the token rather than the marker, as that is your decision to set marker.
Here's an example row that will show the 2200 in green and if you uncomment the sort marker, will show the 80 in red. As you can see it uses the topTh value to set the threshold for the token range.
<row>
<panel>
<single>
<title>Setting result threshold to $threshold$</title>
<search>
<done>
<set token="threshold">$result.topTh$</set>
</done>
<query>| makeresults
| eval _raw="Name,Cheese,Ham,PB,Turkey,sum,marker,topTh,Total
,1110,270,110,710,Total,2,110,2200
Bill,400,100,20,600, ,2,110,1120
Pam,700,120,80,100, ,2,110,1000
Finn,10,50,10,10, ,1,110,80"
| multikv forceheader=1
| table Name Cheese Ham PB Turkey sum marker topTh Total
```| sort marker```</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="field">Total</option>
<option name="rangeColors">["0xdc4e41","0x53a051"]</option>
<option name="rangeValues">[$threshold$]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
</single>
</panel>
</row>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bowesmana
SplunkTrust
12-06-2022
01:25 PM
Single value panel from that table will only display the first row right?
Anyway, you can base your threshold on the topTh setting with the token rather than the marker, as that is your decision to set marker.
Here's an example row that will show the 2200 in green and if you uncomment the sort marker, will show the 80 in red. As you can see it uses the topTh value to set the threshold for the token range.
<row>
<panel>
<single>
<title>Setting result threshold to $threshold$</title>
<search>
<done>
<set token="threshold">$result.topTh$</set>
</done>
<query>| makeresults
| eval _raw="Name,Cheese,Ham,PB,Turkey,sum,marker,topTh,Total
,1110,270,110,710,Total,2,110,2200
Bill,400,100,20,600, ,2,110,1120
Pam,700,120,80,100, ,2,110,1000
Finn,10,50,10,10, ,1,110,80"
| multikv forceheader=1
| table Name Cheese Ham PB Turkey sum marker topTh Total
```| sort marker```</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="field">Total</option>
<option name="rangeColors">["0xdc4e41","0x53a051"]</option>
<option name="rangeValues">[$threshold$]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
</single>
</panel>
</row>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
catdadof3
Explorer
12-07-2022
07:59 AM
This is exactly what I needed! I think my issue was trying to add in 2 tokens instead of 1 in the range values.
Thank you!
Get Updates on the Splunk Community!
Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...
This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...
Elevate Your Organization with Splunk’s Next Platform Evolution
Thursday, July 10, 2025 | 11AM PDT / 2PM EDT
Whether you're managing complex deployments or looking to ...
Splunk Answers Content Calendar, June Edition
Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
