Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to change the color of the output in a single value visualization format (42) ?

Real_captain
Path Finder
‎08-20-2024 04:44 AM

Hi Team 

Can you please help me to find a way to change the color of the output value in a single value visualization. 

If COUNT_MSG is OK , then display OK in Green 
If COUNT_MSG is NOK , then display NOK in Red


Current Code : 

<panel>
<title>SEMT FAILURES DASHBOARD</title>
<single>
<search>
<query>(index="events_prod_gmh_gateway_esa") sourcetype="mq_PROD_GMH" Cr=S* (ID_FCT=SEMT_002 OR ID_FCT=SEMT_017 OR ID_FCT=SEMT_018 ) ID_FAMILLE!=T2S_ALLEGEMENT | eval ERROR_DESC= case(Cr == "S267", "T2S - Routing Code not related to the System Subscription." , Cr == "S254", "T2S - Transcodification of parties is incorrect." , Cr == "S255", "T2S - Transcodification of accounts are impossible.", Cr == "S288", "T2S - The Instructing party should be a payment bank.", Cr == "S299", "Structure du message incorrecte.",1=1,"NA") | stats count as COUNT_MSG | eval status = if(COUNT_MSG = 0 , "OK" , "NOK" )
| table status</query>
<earliest>@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
<refresh>1m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="drilldown">all</option>
<option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="useColors">1</option>
</single>
</panel>

 

Current Output: 

Real_captain_0-1724154208753.png

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-20-2024 09:01 AM

If you have multiple panels, you are probably going to have to use multiple tokens

<html> <style> #single1 text { fill: $colour1$ !important; } 
</style> </html> 
| eval _colour=if(final_status ="OK","Green","Red")
| fields final_status _colour</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <done>
            <set token="colour1">$result._colour$</set>
          </done>
<html> <style> #single2 text { fill: $colour2$ !important; } 
</style> </html> 
| table status _colour</query>
          <earliest>@d</earliest>
          <latest>now</latest>
<done>
            <set token="colour2">$result._colour$</set>
</done>

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-20-2024 05:32 AM

Short answer: Yes.

Longer answer: You can do it with CSS.

    <panel depends="$alwaysHide$">
      <html>
        <style>
          #single text {
          fill: $colour$ !important;
          }
        </style>
      </html>
    </panel>
    <panel>
      <single id="single">
        <search>
          <query>| makeresults
| fields - _time
| eval OnTarget=mvindex(split("Yes,No",","),random()%2)
| eval _colour=if(OnTarget="Yes","Green","Red")</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <done>
            <set token="colour">$result._colour$</set>
          </done>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
0 Karma
Reply
Solved! Jump to solution

Real_captain
Path Finder
‎08-20-2024 07:01 AM

@ITWhisperer  : It works but whenever any panel in the dashboard is refreshed, color of all the panels in the dashboard is changed from Red/Green to white. 
In my case , there are multiple panels. So , when any of the one panel is refreshed , it changes the color of all the 6 panels to white from Green/red. 

Is it possible to keep the color always as Red or Green ??? 

 

Current code : 

<row> 
<panel depends="$alwaysHide$"> 
<html> <style> #single1 text { fill: $colour$ !important; } 
</style> </html> 
</panel>
</row>
  <row>
    <panel>
      <title>EVIS DASHBOARD</title>
      <single id="single1">
        <search>
          <query>`macro_events_all_win_ops_esa` sourcetype=WinHostMon host=P9TWAEVV01STD (TERM(Esa_Invoice_Processor) OR TERM(Esa_Final_Demand_Processor) OR TERM(Esa_Initial_Listener_Service) OR TERM(Esa_MT535_Parser) OR TERM(Esa_MT540_Parser) OR TERM(Esa_MT542_Withdrawal_Request) OR TERM(Esa_MT544_Parser) OR TERM(Esa_MT546_Parser) OR TERM(Esa_MT548_Parser) OR TERM(Esa_SCM Batch_Execution) OR TERM(Euroclear_EVIS_Border_Internal) OR TERM(EVISExternalInterface)) 
| stats latest(State) as Current_Status by service 
| where Current_Status != "Running" 
| stats count as count_of_stopped_services 
| eval status = if(count_of_stopped_services = 0 , "OK" , "NOK" ) 
| fields status 

| append 
    [ search `macro_events_all_win_ops_esa` host="P9TWAEVV01STD" sourcetype=WinEventLog "Batch *Failed" System_Exception="*" 
    | stats count as count_of_failed_batches 
    | eval status = if(count_of_failed_batches = 0 , "OK" , "NOK" ) 
    | fields status
        ] 
        
| stats values(status) as status_list 
| eval final_status = if(mvcount(mvfilter(status_list=="NOK")) &gt; 0, "NOK", "OK") 
| eval _colour=if(final_status ="OK","Green","Red")
| fields final_status</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <done>
            <set token="colour">$result._colour$</set>
          </done>
          <sampleRatio>1</sampleRatio>
          <refresh>1m</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="drilldown">all</option>
        <option name="refresh.display">progressbar</option>
              </single>
    </panel>
  </row>
  
  
  <row> 
<panel depends="$alwaysHide$"> 
<html> <style> #single2 text { fill: $colour$ !important; } 
</style> </html> 
<html> <style> #single3 text { fill: $colour$ !important; } 
</style> </html> 
</panel>
</row>

  <row>
    <panel>
      <title>SEMT FAILURES DASHBOARD</title>
      <single id="single2">
        <search>
          <query>(index="events_prod_gmh_gateway_esa") sourcetype="mq_PROD_GMH" Cr=S* (ID_FCT=SEMT_002 OR ID_FCT=SEMT_017 OR ID_FCT=SEMT_018 )    ID_FAMILLE!=T2S_ALLEGEMENT | eval ERROR_DESC= case(Cr == "S267", "T2S - Routing Code not related to the System Subscription."  , Cr == "S254", "T2S - Transcodification of parties is incorrect." , Cr == "S255", "T2S - Transcodification of accounts are impossible.", Cr == "S288", "T2S - The Instructing party should be a payment bank.", Cr == "S299", "Structure du message incorrecte.",1=1,"NA")     | stats  count as COUNT_MSG | eval status = if(COUNT_MSG = 0 , "OK" , "NOK"   ) 
           | eval _colour=if(status ="OK","Green","Red")
| table status</query>
          <earliest>@d</earliest>
          <latest>now</latest>
<done>
            <set token="colour">$result._colour$</set>
</done>
          <sampleRatio>1</sampleRatio>
          <refresh>1m</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="colorBy">value</option>
        <option name="drilldown">all</option>
        <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
        <option name="refresh.display">progressbar</option>
        <option name="trellis.enabled">0</option>
        <option name="useColors">1</option>
        
      </single>
    </panel>
0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-20-2024 09:01 AM

If you have multiple panels, you are probably going to have to use multiple tokens

<html> <style> #single1 text { fill: $colour1$ !important; } 
</style> </html> 
| eval _colour=if(final_status ="OK","Green","Red")
| fields final_status _colour</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <done>
            <set token="colour1">$result._colour$</set>
          </done>
<html> <style> #single2 text { fill: $colour2$ !important; } 
</style> </html> 
| table status _colour</query>
          <earliest>@d</earliest>
          <latest>now</latest>
<done>
            <set token="colour2">$result._colour$</set>
</done>
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...