Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

coloring coloumn chart

smolcj
Builder
‎11-28-2012 11:24 PM

Hi all,
my search is like index=main | chart count by severity
and i am getting a chart like
count in y axis, error and info in x axis and the color of both columns are blue
i modified the search in view as
index=main | chart count by severity| eval red=if(severity=="ERROR",1,0)|eval green = if(severity=="INFO",1,0)
and charting option to

{"red":0xFF0000,"green":0x00FF00}

but i am getting a wiered chart with top border color as i specified and fill color as count color, also i am not able to drill down it.
please help
Thank you

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎11-29-2012 02:43 PM

Here is an answer that may help: Change chart bar color based on data value

Note that this technique leverages a side-effect of the stats command; it does not work with the chart command.

View solution in original post

Reply
Solved! Jump to solution

smolcj
Builder
‎11-29-2012 10:45 PM

dashboard is in simple xml, it have a dropdown box listing sources and a chart showing the severity

0 Karma
Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎11-29-2012 02:43 PM

Here is an answer that may help: Change chart bar color based on data value

Note that this technique leverages a side-effect of the stats command; it does not work with the chart command.

Reply
Solved! Jump to solution

lguinn2
Legend
‎11-30-2012 02:42 PM

The automatic drilldown will not work, because the search has eval commands following the stats command:

sourcetype=mysourcetype AND searchstuffforerrors | stats count by host
| eval redCount = if(count>20,count,0)
| eval yellowCount = if(count<=20 AND count>15,count,0)
| eval greenCount = if(count<=15, count, 0)
| fields - count

You should be able to include an explicit drill-down in the XML, starting with Splunk 5.0. Look here for more info on drill-down: http://docs.splunk.com/Documentation/Splunk/5.0/Viz/Dynamicdrilldownindashboardsandforms

Reply
Solved! Jump to solution

smolcj
Builder
‎11-29-2012 09:53 PM

is it possible to use an explicit drill down option using
if so /app/search/flashtimeline?q=source=$sources$
here sources is my dropdown box result, how to create a query supporting this drill down
please help

0 Karma
Reply
Solved! Jump to solution

smolcj
Builder
‎11-29-2012 08:45 PM

Thanks lguinn, it worked well, but i am not able to drill down from the chart, befor changing the color i was able to . but not now,, why?
"PARSER: Applying intentions failed Unable to drilldown because of post-reporting 'eval' command"
this is the error
please help

0 Karma
Reply
Solved! Jump to solution

jonuwz
Influencer
‎11-29-2012 05:09 AM

can you post the complete XML for the dashboard ?

0 Karma
Reply
Solved! Jump to solution

smolcj
Builder
‎11-29-2012 05:03 AM

i tried with this option
charting.chart.fieldColors
but no change, drilldown is also not happening

0 Karma
Reply
Solved! Jump to solution

jonuwz
Influencer
‎11-29-2012 04:41 AM

pretty sure it should be charting.chart.fieldColors not charting.fieldColors

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...