Re: Color cell from table conditionally on compari...

pedropiin · ‎07-23-2025

Hi everyone,

I'm working on a dashboard that's comparing two different applications. One of the tables has their performance throught different metrics side-by-side, as such:

"Avg Time App1" | "Avg Time App2" | "Max Time App1" | "Max Time App2" | ...

Additionally, each row of the table represents a different date, so my team and I can check their performance through an arbitrary time interval.

My idea was to color a certain cell based on its value compared to the equivalent value of the other app. So, for example, let's say "Avg Time App1" = 5.0 and "Avg Time App2" = 8.0 on day X (an arbitrary row). My idea is to highlight the cell for the "Avg Time App2" on day X as its value is bigger than for App1.

I'm aware I can color cells dinamically with the `<format>` block, by setting `type="color"` and the `field` to whatever my field is. But I wanted to know how I can do this by each row (this means that even if the cell on the first row of column X is highlighted, the next rows won't necessarily be) and based on a comparison with another cell, from another column, on the same row.

One other detail is that the name of my columns contains a token. So a somewhat related problem I've been having is accessing the value from the cells, because, to my understanding, it would turn out as something of the sort:
$row."Avg Time $app1$"$

So if someone could help me implement this conditional coloring idea, I would be very grateful.

Thanks in advance,
Pedro

livehybrid · ‎07-23-2025

hi @pedropiin

Is this the sort of thing you're looking for? Its a little complicated to setup due to the way the expression works in the <format> (cant reference other fields) so you need to create an mvfield containing the two values you want to compare, then use CSS to hide the other! Anyway - let me know what you think!

Full example code

<dashboard version="1.1">
  <label>Colour smaller number cells</label>
  <description>App1 should be green if App1&lt;App2, App2 should be green if App2&lt;App1</description>
  <row>
    <panel>
      <html>
        <style>
          #tableCellColour table tbody td div.multivalue-subcell[data-mv-index="1"]{
            display: none;
          }
        </style>
      </html>
      <table id="tableCellColour">
        <search>
          <query>| makeresults count=10 
| streamstats count AS row 
| eval "Hidden Avg Time App1" = (random() % 100) + 1 
| eval "Hidden Avg Time App2" = (random() % 100) + 1 
| eval "Avg Time App1" = mvappend('Hidden Avg Time App1', 'Hidden Avg Time App2')
| eval "Avg Time App2" = mvappend('Hidden Avg Time App2', 'Hidden Avg Time App1')
| fields - Hidden*
| table _time *</query>
          <earliest>@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">50</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
        <format type="color" field="Avg Time App1">
          <colorPalette type="expression">case(mvindex(value,1) &gt; mvindex(value,0), "#1ce354", 1=1, "#de2121")</colorPalette>
        </format>
        <format type="color" field="Avg Time App2">
          <colorPalette type="expression">case(mvindex(value,1) &gt; mvindex(value,0), "#1ce354", 1=1, "#de2121")</colorPalette>
        </format>
      </table>
    </panel>
  </row>
</dashboard>

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

ITWhisperer · ‎07-23-2025

Assuming you are using SimpleXML / Classic dashboards, you might be able to implement something along these lines. For each cell that you want coloured, calculate what the colour should be and make the field a multivalue field, placing the colour as the second value. Then you can use CSS to hide the second multivalue in each cell. This technique has been documented in many answer on this site. For example, https://community.splunk.com/t5/Dashboards-Visualizations/Highlight-row-if-unique-values-exist-withi...

pedropiin · ‎07-23-2025

Hi @ITWhisperer , thanks for your reply

I didn't know about this multivalue strategy and it seems very useful. But how would I use, e.g., a "foreach *" structure to implement it between two different fields? Because the only thing I could think of in the lines of using multivalue is something of the sort:

for each field
if field should be compared
if field.value > nextField.value
value = mvappend(value, "RED")

But I'm still confused regarding how to use this logic to compare two different fields.

Thanks in advance,
Pedro

ITWhisperer · ‎07-23-2025

Please can you provide some sample events to demonstrate your issue?

Color cell from table conditionally on comparison between values

table

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

Color cell from table conditionally on comparison between values

table

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!