Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Change Colors of Bar based on legend
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's a simple query. I am just trying to give different color to different legends in my bar graph. below is the XML
<dashboard>
<label>Incident Review Dashboard_new</label>
<row>
<panel>
<chart>
<search>
<query>| datamodel Incident_Management Notable_Events search | stats count by severity </query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">1</option>
<option name="charting.axisY2.maximumNumber">200</option>
<option name="charting.axisY2.minimumNumber">100</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.overlayFields">low,high,severe,medium</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">1</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
<option name="charting.legend.labels">[low,medium,high,severe]</option>
<option name="charting.legend.placement">none</option>
<option name="charting.seriesColors">[oxffbf00,0xFF0000,0xFFFF00,0x00FF00]</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
</dashboard>
But in the dashboard, it's giving just one color to all bars i.e., the color code "0x40ff00". I think it's probably because in the bar chart the there's just one legend i.e., "count". Can somebody help how can i sort this out. I want color in the following format to the bars
high-orange
severe-red
low-green
medium-blue
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@qbolbk59, Provided the severity field as per your query has values severe, high, medium and low, you can use the transpose command to invert the table as per your need to have legends based on severity field values:
| datamodel Incident_Management Notable_Events search
| stats count by severity
| transpose header_field=severity column_name=severity
Based on the colors as required in the question following color hex codes can be applied using chart configuration charting.fieldColors:
<option name="charting.fieldColors">{severe":0xFF0000,"high":0xFFA500,""medium":0x0000FF,"low":0x00FF00}</option>
PS: Get rid of chart configuration options which are not required and may be contradicting like charting.seriesColorsand charting.legend.labels.
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@qbolbk59, Provided the severity field as per your query has values severe, high, medium and low, you can use the transpose command to invert the table as per your need to have legends based on severity field values:
| datamodel Incident_Management Notable_Events search
| stats count by severity
| transpose header_field=severity column_name=severity
Based on the colors as required in the question following color hex codes can be applied using chart configuration charting.fieldColors:
<option name="charting.fieldColors">{severe":0xFF0000,"high":0xFFA500,""medium":0x0000FF,"low":0x00FF00}</option>
PS: Get rid of chart configuration options which are not required and may be contradicting like charting.seriesColorsand charting.legend.labels.
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @niketnilay, It's working now !!
Splunk Observability for AI
[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events
Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!
