Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Color code single value on other field

mschlager
New Member
‎04-08-2016 11:34 AM

I would like to color a single value, based on a field value that is not the one displayed in the panel. I was able to do so previously using the classField option; however, since it is deprecated in 6.4 ,I'm not sure how I would do this.

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎05-26-2016 01:43 AM

You might have already resolved the problem but in case you haven't - I am still using the single panel color coding using range with a minor workaround

      <single>
        <title>Status</title>
        <search>
          <query>my search|eval range=if(Status < 1,"severe", "low") |table range Status </query>
          <earliest>-60m@m</earliest>
          <latest>now</latest>
        </search>
        <option name="classField">range</option>
        <option name="field">Status</option>
      </single>

Two things to remember :

  • The variable name should be range in the eval statement and also mention the same in classField option
  • The field you want to display as the value can be provided in the field option.

Hope this helps!

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

helenashton
Path Finder
‎05-25-2016 12:03 PM

Did you work this out? I'm trying to do exactly the same thing.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...