Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

color pai in different color by result

sarit_s
Communicator
‎11-22-2023 02:06 AM

Hello

I have this search :

 

index="report"
| stats count(Category__Names_of_Patches) as totalNumberOfPatches by Computer_Name
| eval exposure_level = case(
    totalNumberOfPatches >= 1 AND totalNumberOfPatches <= 5, "Low Exposure",
    totalNumberOfPatches >= 6 AND totalNumberOfPatches <= 9, "Medium Exposure",
    totalNumberOfPatches >= 10, "High Exposure",
    totalNumberOfPatches == 0, "Compliant",
    1=1, "<not reported>"
  )

 


and i want to create pai for each exposure_level and color the pai in different color
how can i do it ? 

Thanks

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-22-2023 02:37 AM

What is pai?

0 Karma
Reply

sarit_s
Communicator
‎11-22-2023 03:39 AM

pie chart

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-22-2023 04:05 AM

Try something like this

index="report"
| stats count(Category__Names_of_Patches) as totalNumberOfPatches by Computer_Name
| eval exposure_level = case(
    totalNumberOfPatches >= 1 AND totalNumberOfPatches <= 5, "Low Exposure",
    totalNumberOfPatches >= 6 AND totalNumberOfPatches <= 9, "Medium Exposure",
    totalNumberOfPatches >= 10, "High Exposure",
    totalNumberOfPatches == 0, "Compliant",
    1=1, "<not reported>"
  )
| xyseries Computer_Name exposure_level totalNumberOfPatches

Then set your trellis to be by exposure_level

0 Karma
Reply

sarit_s
Communicator
‎11-22-2023 04:10 AM

Thanks
It looks better
I just want to color the pie in different colors so :

 "Low Exposure" - blue
 "Medium Exposure" - yellow
"High Exposure" - red
"Compliant" - green
<not reported> - gray
I couldn't find an option to do it 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-22-2023 04:15 AM

Are you wanting a separate pie chart for each exposure level or a single pie chart where all the counts for each exposure level are combined?

0 Karma
Reply

sarit_s
Communicator
‎11-22-2023 04:16 AM

separate once

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-22-2023 04:17 AM

So, each pie chart would be all one colour?

0 Karma
Reply

sarit_s
Communicator
‎11-22-2023 04:18 AM

exactly and will show the number of the count for the specific category

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-22-2023 04:23 AM

Where is category coming from? You only have totalNumberOfPatches, Computer_Name and exposure_level

0 Karma
Reply

sarit_s
Communicator
‎11-22-2023 04:23 AM

sorry , category = exposure_level

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-22-2023 05:17 AM

Here is a sample dashboard showing how to set the colours for the pie charts using CSS - note that the order of the pie charts in the trellis is assumed to be fixed.

  <row>
    <panel depends="$alwayshide$">
      <html>
        <style>
          #trellis_pie div.facets-container div.viz-panel:nth-child(1) g.highcharts-series path
          {
            fill: red !important;
          }
          #trellis_pie div.facets-container div.viz-panel:nth-child(2) g.highcharts-series path
          {
            fill: green !important;
          }
          #trellis_pie div.facets-container div.viz-panel:nth-child(3) g.highcharts-series path
          {
            fill: blue !important;
          }
          #trellis_pie div.facets-container div.viz-panel:nth-child(4) g.highcharts-series path
          {
            fill: yellow !important;
          }
        </style>
      </html>
    </panel>
    <panel>
      <chart id="trellis_pie">
        <search>
          <query>| makeresults count=100
| fields - _time
| eval Computer_Name=mvindex(split("ABCDE",""),random()%5).mvindex(split("ABCDE",""),random()%5)
| eval Category__Names_of_Patches=mvindex(split("XYZ",""),random()%3)
| stats count(Category__Names_of_Patches) as totalNumberOfPatches by Computer_Name
| eval exposure_level = case(
    totalNumberOfPatches &gt;= 1 AND totalNumberOfPatches &lt;= 5, "Low Exposure",
    totalNumberOfPatches &gt;= 6 AND totalNumberOfPatches &lt;= 9, "Medium Exposure",
    totalNumberOfPatches &gt;= 10, "High Exposure",
    totalNumberOfPatches == 0, "Compliant",
    1=1, "&lt;not reported&gt;"
  )
| stats sum(totalNumberOfPatches) as total by exposure_level
| eval category=exposure_level
| xyseries category exposure_level total</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.axisTitleX.visibility">collapsed</option>
        <option name="charting.axisTitleY.visibility">collapsed</option>
        <option name="charting.axisTitleY2.visibility">collapsed</option>
        <option name="charting.chart">pie</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.legend.placement">none</option>
        <option name="trellis.enabled">1</option>
      </chart>
    </panel>
  </row>
0 Karma
Reply

sarit_s
Communicator
‎11-22-2023 11:18 AM

Hello

Thanks ! it looks good but i still have few issues :
i configured this :

       <style>
          #trellis_pie div.facets-container div.viz-panel:nth-child(1) g.highcharts-series path
          {
            fill: blue !important;
          }
          #trellis_pie div.facets-container div.viz-panel:nth-child(2) g.highcharts-series path
          {
            fill: yellow !important;
          }
          #trellis_pie div.facets-container div.viz-panel:nth-child(3) g.highcharts-series path
          {
            fill: red !important;
          }
          #trellis_pie div.facets-container div.viz-panel:nth-child(4) g.highcharts-series path
          {
            fill: green !important;
          }
          #trellis_pie div.facets-container div.viz-panel:nth-child(5) g.highcharts-series path
          {
            fill: gray !important;
          }
        </style>

if i understand correctly, the order of the colors is the order of the conditions in the "case"
so, in that case, "High Exposure" supposed to be red but actually its blue, "Low Exposure" supposed to be blue but its yellow and "Medium Exposure" supposed to be yellow but its red, the other two does not shown but it supposed to. 
also, i don't see the number of results in the pie, i just see "other" even thought Minimum size set to 0

sarit_s_0-1700680728874.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...