Splunk Enterprise

How to add a colour feature in a dashboard where the value is in the time format


I did not receive the expected result from the below query;
could anyone please check?


In the below dashboard table, I need to set a colour condition on 2 columns, that is, expected_difference and sla_difference.
If expected_difference is negative it should show in red colour; if it is positive it should show in green colour.
The same goes for sla_difference: if it is negative it should be orange; if it is positive it should show in green.






Thank you @preotesoiu, it worked for me!!


You have to edit the XML; see below as an example, and adjust the colours as needed.

<dashboard theme="dark">
  <label>test collor pallete</label>
  <row><panel><table>
    <search>
      <query>| makeresults
| eval result1="-100", result2 = "23"</query>
    </search>
    <option name="drilldown">none</option>
    <!-- first colour applies when the cell value contains "-", second colour otherwise -->
    <format type="color" field="result1">
      <colorPalette type="expression">if(like(value,"%-%"),"#65A637", "#FF0000")</colorPalette>
    </format>
    <format type="color" field="result2">
      <colorPalette type="expression">if(like(value,"%-%"),"#65A637", "#FF0000")</colorPalette>
    </format>
  </table></panel></row>
</dashboard>
