Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Color table on the basis of their values visualization

ssaini5
Explorer
‎09-08-2020 01:53 PM

Hello, 

I am generating the following table in splunk dashboard using the following query from raw data file: 

Two types of values each Process status can have 

Process NameProcess Status
VM_NAME
Process
oracle
cm
server
"vm1 "
"Process1"
"0"
"0"
"0"
VM_NAME
Process
oracle
cm
server
"vm2 "
"Process1"
"43"
"1"
"2"

 

index="log" source="/var/tmp/logs/test.log" | rex max_match=0 (?s)(?<vm>.*?); | mvexpand vm | rex field=vm max_match=0 (?<name>\S+?):?\s(?<value>.*) | rex mode=sed field=value s/(.*)/\"\1\"/g | eval tmp=mvzip(name,value,"=") | rename tmp as _raw | kv | table name value | rename name as "Process Name" | rename value as "Process Status"

Now, I want to color code the values of this table as red/green on the basis of if the running processes are zero or not. I don't want anything complex just a simple color coding would work. Please suggest.

Thanks in advance 

Labels (3)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-09-2020 06:17 AM

Edit the dashboard and click on the pen icon in the heading of the table column you wish to color.  Select the Color tab then choose "Values" from the drop-down menu.  Select "Define rules" then create a rule to paint the cells a certain color if the value is zero and another rule to paint the cells a different color otherwise.  Save the dashboard.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...