Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Color table on the basis of their values visualization

ssaini5
Explorer
‎09-08-2020 01:53 PM

Hello, 

I am generating the following table in splunk dashboard using the following query from raw data file: 

Two types of values each Process status can have 

Process NameProcess Status
VM_NAME
Process
oracle
cm
server
"vm1 "
"Process1"
"0"
"0"
"0"
VM_NAME
Process
oracle
cm
server
"vm2 "
"Process1"
"43"
"1"
"2"

 

index="log" source="/var/tmp/logs/test.log" | rex max_match=0 (?s)(?<vm>.*?); | mvexpand vm | rex field=vm max_match=0 (?<name>\S+?):?\s(?<value>.*) | rex mode=sed field=value s/(.*)/\"\1\"/g | eval tmp=mvzip(name,value,"=") | rename tmp as _raw | kv | table name value | rename name as "Process Name" | rename value as "Process Status"

Now, I want to color code the values of this table as red/green on the basis of if the running processes are zero or not. I don't want anything complex just a simple color coding would work. Please suggest.

Thanks in advance 

Labels (3)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-09-2020 06:17 AM

Edit the dashboard and click on the pen icon in the heading of the table column you wish to color.  Select the Color tab then choose "Values" from the drop-down menu.  Select "Define rules" then create a rule to paint the cells a certain color if the value is zero and another rule to paint the cells a different color otherwise.  Save the dashboard.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...