Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set 2 different colors for 2 different values in the same field dynamically in bar charts ?

shinta_rcm
Explorer
‎01-05-2022 02:15 AM
Stage(Field name)
Capa
Capa_india
north_Capa
checkcapaend
NET
net_east
southNETregion
showmeNET
us_net

 

From the field Stage, if the value contains capa 0r Capa I need to color the bar chart as Blue. Otherwise need to show the bar chart color as Orange.

 

Thanks in advance.

Labels (1)
Labels
0 Karma
Reply

SinghK
Builder
‎01-05-2022 03:39 AM

check this post might be of help.

 

https://community.splunk.com/t5/Splunk-Search/How-to-change-bar-chart-color-based-on-its-value/m-p/5...

0 Karma
Reply

shinta_rcm
Explorer
‎01-05-2022 04:07 AM

Thanks a lot for your reply.

The solution that you suggested is for numeric values. But we are working on String values.

<option name="charting.fieldColors">{"%capa%": 0xFF0000, "elevated": 0xFF9900, "low":0x008000}</option>

Is it possible to add wildcards like in the above XML code. If not kindly suggest an alternative approach.

The word "Capa" can occur in any part of the value and in some cases it may not occur too. So, we need a dynamic approach to color a bar of the bar chart.

0 Karma
Reply

SinghK
Builder
‎01-05-2022 05:50 AM

|makeresults
|eval stage= "Capa Capa_india north_Capa checkcapaend NET net_east"
|makemv stage
|mvexpand stage
|eval stage=lower(stage)
|fields - _time
|eval stagename = if(match(stage,"capa"),1,2)
|chart count by stage stagename

 

try that if that helps..

0 Karma
Reply

shinta_rcm
Explorer
‎01-07-2022 04:56 AM

Thanks for the reply. We have already 3 fields in the chart command. Not able to add the 4th one in the command.

 

Also, kindly suggest if there is a way to include wildcards in charting.fieldColors, charting.seriesColors or in charting.annotation.categoryColors. This will be very helpful in my case.

0 Karma
Reply

SinghK
Builder
‎01-05-2022 05:52 AM

Results

SinghK_0-1641390742878.png

 

0 Karma
Reply

SinghK
Builder
‎01-05-2022 03:26 AM

you can do that in statistical table easy.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...