Solved: changing bars colors by a string value of a field

matansocher · ‎10-16-2017

Hi,

I have a simple bar chart that sums a number("SLOC") by another field("file").
each file has another field that describes it - "sloc_type" - and I want to change the files bars colors by the "sloc_type" field.

example to the chart now:

the "sloc_type" field has only 2 options: rtl, verif.

I need the files bar to be in a specific color, in order to separate them by their "sloc_type"

Thanks

niketn · ‎10-16-2017

try creating a Stacked bar chart with the following query:

 index=testeda_p groupID=sloc_data 
 | search project=Periph core=ipa core_ver=4.2.0
 | chart sum(sloc) as SLOC over file by sloc_type
 | sort -SLOC
 | head 10

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

niketn · ‎10-16-2017

try creating a Stacked bar chart with the following query:

 index=testeda_p groupID=sloc_data 
 | search project=Periph core=ipa core_ver=4.2.0
 | chart sum(sloc) as SLOC over file by sloc_type
 | sort -SLOC
 | head 10

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

matansocher · ‎10-16-2017

thanks. it really got me closer to what I needed

niketn · ‎10-16-2017

@matansocher, glad it helped! Please let us know if something is still not as expected or if you need further help 🙂

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

matansocher · ‎10-16-2017

my search:

index=testeda_p groupID=sloc_data 
| search project=Periph core=ipa core_ver=4.2.0
| stats sum(sloc) as SLOC by file
| sort -SLOC
| head 10

changing bars colors by a string value of a field

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!