- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Horizontal Bar Chart Bar Colors: How to create sea...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a horizontal bar chart usingthe following post processing search:
| stats count by urgency
| eval urgency = if(urgency=="-", "unknown", 'urgency')
The values of the urgency field are:
"1 - High"
"2 - Medium"
"3 - Low"
"unknown"
I would like the horizontal bar color to change for each value:
"1 - High" would be Red
"2 - Medium" would be Orange
"3 - Low" would be Yellow
"unknown" would remain blue
I have seen code for working with value ranges, but I am looking for code that works only with the value.
Any suggestions are grealy appreciated
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jason_hotchkiss,
I've done similar before, adding the below should work:
<option name="charting.fieldColors">{"1 - High": <insert CSS color code for desired red here>, "2 - Medium": <insert CSS color code for desired orange here>, "3 - Low": <insert CSS color code for desired yellow here>, "unknown": <insert CSS color code for desired blue here>}</option>Thanks,
Jamie
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jason_hotchkiss,
I've done similar before, adding the below should work:
<option name="charting.fieldColors">{"1 - High": <insert CSS color code for desired red here>, "2 - Medium": <insert CSS color code for desired orange here>, "3 - Low": <insert CSS color code for desired yellow here>, "unknown": <insert CSS color code for desired blue here>}</option>Thanks,
Jamie
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jamie00171
So this snippet only works with the values in the key, which in my case is only count.
1 - High ########################
2 - Med ###########
3 - Low ############ count
unknown ######
If I use count in the charting.fieldcolors it works.
Not if I use the actual field values.
Still looking for how to work with the values.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I changed my prost processing search to:
| eval urgency = if(urgency=="-", "unknown", 'urgency')
| stats
count(eval(urgency="1 - High")) as "1 - High"
count(eval(urgency="2 - Medium")) as "2 - Medium"
count(eval(urgency=="3 - Low")) as "3 - Low"
count(eval(urgency="unknown")) as "unknown"
by urgency
This puts the values in the key, and then the charting.fieldcolors works.
Enter the Splunk Community Dashboard Challenge for Your Chance to Win!
.conf24 | Session Scheduler is Live!!
Introducing the Splunk Community Dashboard Challenge!
