Change Pie Chart Color

vtsguerrero
Contributor

Hello guys!
Can anyone help me change the color for this search:

index=main sourcetype=file | stats count by REQUEST_STATUS | rename count as "Quantity"

I need a chart with green for few registers, yellow for medium registers and red for high frequency registers.

Thanks in Advance!

Best regards!

supertal3
Engager

I know this question is extremely old. (5 years now) But I've found a solution that works the way you want and for @ArkansIan and @Aftab_alam

Instead of using charting.seriesColors, use charting.fieldColors.

Here's a quick example.
{"Informational":0x00812F , "Low":0x00CB09 , "Normal":0xFFC300 , "High":0xFF7400 , "Critical":0xFF0000}
This sets the color for each category as it shows up and is not dependent on if all the values lower than the highest are present or not.

yannK
Splunk Employee

This is possible by assigning a particular color to your series. (charting.seriesColors)
see http://docs.splunk.com/Documentation/Splunk/6.1.3/Viz/Chartcustomization#Chart_colors

You will need:

  • to name your series (charting.legend.labels)
  • or to sort your series before (sort or a table )

ArkansIan
New Member

The problem with this is that it is sequential.

For example, if you have "Low, Medium and High" defined with green, yellow and red defined and you only have high results, then the color for High will be green.

How do you specify a color for each result in a pie chart so that the colors in the chart generated are consistent?

0 Karma

Aftab_alam
Explorer

Hi ArkansIan,
Were you able to solve this? I have a similar requirement. I need to fix the color for the series.

0 Karma
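
The two options discussed in this thread, side by side in one Simple XML dashboard. This is an added example, not code from any of the posts above. The REQUEST_STATUS values "Low", "Medium" and "High" and the dashboard label are assumptions; the search is the one from the question.

```xml
<dashboard>
  <label>Request status colors (added example)</label>
  <row>
    <panel>
      <chart>
        <title>charting.seriesColors: assigned by position</title>
        <search>
          <query>index=main sourcetype=file | stats count by REQUEST_STATUS | rename count as "Quantity"</query>
        </search>
        <option name="charting.chart">pie</option>
        <!-- Colors are handed out in the order the rows arrive.
             If only "High" is returned, it is drawn with the first color (green). -->
        <option name="charting.seriesColors">[0x00CB09,0xFFC300,0xFF0000]</option>
      </chart>
    </panel>
    <panel>
      <chart>
        <title>charting.fieldColors: assigned by name</title>
        <search>
          <query>index=main sourcetype=file | stats count by REQUEST_STATUS | rename count as "Quantity"</query>
        </search>
        <option name="charting.chart">pie</option>
        <!-- Each assumed status value is bound to its own color,
             so "High" stays red whether or not the other values are present. -->
        <option name="charting.fieldColors">{"Low":0x00CB09,"Medium":0xFFC300,"High":0xFF0000}</option>
      </chart>
    </panel>
  </row>
</dashboard>
```

The keys in charting.fieldColors must match the values of REQUEST_STATUS exactly as they appear in the results.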