Dashboards & Visualizations

color in single value which change if minus or plus result

jip31
Motivator

Hello

In a single value result (see attachment) i want that if the result is minus then the color is green but if the result is + the color is red
but impossible to do this with the formant command
pearhaps in xml??
could you help me please?

Tags (1)
0 Karma

adonio
Ultra Champion

hello there:

try this, click refresh couple times as it uses random command to generate positive or negative results

<dashboard>
  <label>minus_green_plus_red</label>
  <row>
    <panel>
      <single>
        <search>
          <query>| gentimes start="10/10/2018:00:00:00" end="10/11/2018:90:00:00" increment=1h
| eval _time = starttime 
| eval value = random()%100
| eval next_value = if(value>50,value,-1*value)
| timechart span=1h max(next_value) as plus_or_minus</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorBy">value</option>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0x65a637","0xd93f3c"]</option>
        <option name="rangeValues">[0]</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="unitPosition">after</option>
        <option name="useColors">1</option>
        <option name="useThousandSeparators">1</option>
      </single>
    </panel>
    <panel>
      <single>
        <search>
          <query>| gentimes start="10/10/2018:00:00:00" end="10/11/2018:90:00:00" increment=1h
| eval _time = starttime 
| eval value = random()%100
| eval next_value = if(value>50,value,-1*value)
| timechart span=1h max(next_value) as plus_or_minus</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorBy">value</option>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0x65a637","0xd93f3c"]</option>
        <option name="rangeValues">[0]</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="unit">%</option>
        <option name="unitPosition">after</option>
        <option name="useColors">1</option>
        <option name="useThousandSeparators">1</option>
      </single>
    </panel>
  </row>
</dashboard>

screenshot:

alt text

0 Karma

jip31
Motivator

thanks but i dont reach to adapt it to my xml

0 Karma

jip31
Motivator

nobody have an idea please??

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...