Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

changing bars colors by a string value of a field

matansocher
Contributor
‎10-16-2017 12:50 AM

Hi,

I have a simple bar chart that sums a number("SLOC") by another field("file").
each file has another field that describes it - "sloc_type" - and I want to change the files bars colors by the "sloc_type" field.

example to the chart now:
alt text

the "sloc_type" field has only 2 options: rtl, verif.

I need the files bar to be in a specific color, in order to separate them by their "sloc_type"

Thanks

Preview file
18 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎10-16-2017 02:53 AM

try creating a Stacked bar chart with the following query:

 index=testeda_p groupID=sloc_data 
 | search project=Periph core=ipa core_ver=4.2.0
 | chart sum(sloc) as SLOC over file by sloc_type
 | sort -SLOC
 | head 10
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎10-16-2017 02:53 AM

try creating a Stacked bar chart with the following query:

 index=testeda_p groupID=sloc_data 
 | search project=Periph core=ipa core_ver=4.2.0
 | chart sum(sloc) as SLOC over file by sloc_type
 | sort -SLOC
 | head 10
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

matansocher
Contributor
‎10-16-2017 06:19 AM

thanks. it really got me closer to what I needed

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎10-16-2017 06:26 AM

@matansocher, glad it helped! Please let us know if something is still not as expected or if you need further help 🙂

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

matansocher
Contributor
‎10-16-2017 01:56 AM

my search:

index=testeda_p groupID=sloc_data 
| search project=Periph core=ipa core_ver=4.2.0
| stats sum(sloc) as SLOC by file
| sort -SLOC
| head 10
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...