Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

changing bars colors by a string value of a field

matansocher
Contributor
‎10-16-2017 12:50 AM

Hi,

I have a simple bar chart that sums a number("SLOC") by another field("file").
each file has another field that describes it - "sloc_type" - and I want to change the files bars colors by the "sloc_type" field.

example to the chart now:
alt text

the "sloc_type" field has only 2 options: rtl, verif.

I need the files bar to be in a specific color, in order to separate them by their "sloc_type"

Thanks

Preview file
18 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎10-16-2017 02:53 AM

try creating a Stacked bar chart with the following query:

 index=testeda_p groupID=sloc_data 
 | search project=Periph core=ipa core_ver=4.2.0
 | chart sum(sloc) as SLOC over file by sloc_type
 | sort -SLOC
 | head 10
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎10-16-2017 02:53 AM

try creating a Stacked bar chart with the following query:

 index=testeda_p groupID=sloc_data 
 | search project=Periph core=ipa core_ver=4.2.0
 | chart sum(sloc) as SLOC over file by sloc_type
 | sort -SLOC
 | head 10
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

matansocher
Contributor
‎10-16-2017 06:19 AM

thanks. it really got me closer to what I needed

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎10-16-2017 06:26 AM

@matansocher, glad it helped! Please let us know if something is still not as expected or if you need further help 🙂

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

matansocher
Contributor
‎10-16-2017 01:56 AM

my search:

index=testeda_p groupID=sloc_data 
| search project=Periph core=ipa core_ver=4.2.0
| stats sum(sloc) as SLOC by file
| sort -SLOC
| head 10
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...