Solved: Splunk Bar Chart Colors

harishfysx · ‎03-19-2024

Hi I am fairly new to Splunk , thank you in advance if you can help me...:)

My goal is to log the service response duration each time a ESService is called. The ESService value can be anything. In the table format below I am able to see which service is being hit and the duration .

But in the visualization section, all the events showing the same color, Is there anyway to show different color for each ESService . For example , when ESBusinessrep blue, for ESPerson red etc.(dynamically there can be N number of service types). And when I hover on the bars they are showing time, and duration values only not the ESService. How to achieve this?

bowesmana · ‎03-19-2024

A bar chart will give you a different colour for each series, so you would need to do something like

| chart max(duration) over _time by ESService

View solution in original post

bowesmana · ‎03-19-2024

A bar chart will give you a different colour for each series, so you would need to do something like

| chart max(duration) over _time by ESService

harishfysx · ‎03-20-2024

Thank you bowesmana!.

Really appreciate your help on this.

now I am greedy....

Can I get query to get Max, Average, Minimum of each ESService?

harishfysx · ‎03-20-2024

transaction transactionId startswith="step=Before" endswith="step=After" | stats max(duration) as MaxRespTime avg(duration) as AvgRespTime min(duration) as MinRespTime by ESService

This should do it .

Splunk Bar Chart Colors

Get More Out of Your Security Practice With a SIEM

New This Month - SLO Capabilities, APM Advanced Filtering & Usage Analytics Plus ...

Enterprise Security Content Update (ESCU) | New Releases