Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Color table on the basis of their values visualization

ssaini5
Explorer
‎09-08-2020 01:53 PM

Hello, 

I am generating the following table in splunk dashboard using the following query from raw data file: 

Two types of values each Process status can have 

Process NameProcess Status
VM_NAME
Process
oracle
cm
server
"vm1 "
"Process1"
"0"
"0"
"0"
VM_NAME
Process
oracle
cm
server
"vm2 "
"Process1"
"43"
"1"
"2"

 

index="log" source="/var/tmp/logs/test.log" | rex max_match=0 (?s)(?<vm>.*?); | mvexpand vm | rex field=vm max_match=0 (?<name>\S+?):?\s(?<value>.*) | rex mode=sed field=value s/(.*)/\"\1\"/g | eval tmp=mvzip(name,value,"=") | rename tmp as _raw | kv | table name value | rename name as "Process Name" | rename value as "Process Status"

Now, I want to color code the values of this table as red/green on the basis of if the running processes are zero or not. I don't want anything complex just a simple color coding would work. Please suggest.

Thanks in advance 

Labels (3)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-09-2020 06:17 AM

Edit the dashboard and click on the pen icon in the heading of the table column you wish to color.  Select the Color tab then choose "Values" from the drop-down menu.  Select "Define rules" then create a rule to paint the cells a certain color if the value is zero and another rule to paint the cells a different color otherwise.  Save the dashboard.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...