Monitoring Splunk

how to change graph color to Red, Green and Yellow based on some condition

yagnaprasad
New Member

index=osnixscript sourcetype=cpu host=* | multikv fields pctIdle | eval Percent_CPU_Load = 100 - pctIdle | timechart span=5m avg(Percent_CPU_Load) by host

i  have modified above query into below and added conditions based on criteria to change the color of the graph..


index=osnixscript sourcetype=cpu host=* | multikv fields pctIdle | eval Percent_CPU_Load = 100 - pctIdle | timechart span=5m avg(Percent_CPU_Load) by host | eval Threshold_Color=case(Percent_CPU_Load>0 AND Percent_CPU_Load>2, "Normal", Percent_CPU_Load>2 AND Percent_CPU_Load <=8, "Warning", Percent_CPU_Load > 8 AND Percent_CPU_Load < 90, "Critical")

i have added code in the xml with <option name="charting.fieldColors">{"Normal":0xFF0000,"Warning":0xFFFF00, "Critical":0x73A550}</option>

I couldn't be able to see the change in graph colors based on the conditions defined in the query. Can someone please look into the query and correct me with changes required to fix this issue. Thanks in Advance

 

 

 

 

Labels (1)
0 Karma

yagnaprasad
New Member

I am looking for graph color change if we put condition for ex: if(cpuusage <40) then the graph color should be in "Green". if (cpuusage >40 and cpuusage <75) then graph color should be in "Yellow". if cpuusage > 75 then the graph color should be in Red. Please suggest us with the changes needs to be done w.r.to query and source code (xml changes required). Please help us. Thanks in Advance.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...