Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Horizontal Bar Chart Bar Colors: How to create search?

jason_hotchkiss
Communicator
‎01-26-2023 07:43 AM

I have a horizontal bar chart usingthe following post processing search:

| stats count by urgency
| eval urgency = if(urgency=="-", "unknown", 'urgency')

The values of the urgency field are:

"1 - High"
"2 - Medium"
"3 - Low"
"unknown"

I would like the horizontal bar color to change for each value:

"1 - High"  would be Red
"2 - Medium" would be Orange
"3 - Low" would be Yellow
"unknown" would remain blue

I have seen code for working with value ranges, but I am looking for code that works only with the value.  

Any suggestions are grealy appreciated


Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jamie00171
Communicator
‎01-26-2023 08:15 AM

Hi @jason_hotchkiss,

I've done similar before, adding the below should work:

<option name="charting.fieldColors">{"1 - High": <insert CSS color code for desired red here>,  "2 - Medium": <insert CSS color code for desired orange here>,  "3 - Low":  <insert CSS color code for desired yellow here>, "unknown":  <insert CSS color code for desired blue here>}</option>

Thanks, 

Jamie

View solution in original post

Reply
Solved! Jump to solution
Solution

jamie00171
Communicator
‎01-26-2023 08:15 AM

Hi @jason_hotchkiss,

I've done similar before, adding the below should work:

<option name="charting.fieldColors">{"1 - High": <insert CSS color code for desired red here>,  "2 - Medium": <insert CSS color code for desired orange here>,  "3 - Low":  <insert CSS color code for desired yellow here>, "unknown":  <insert CSS color code for desired blue here>}</option>

Thanks, 

Jamie

Reply
Solved! Jump to solution

jason_hotchkiss
Communicator
‎01-26-2023 09:07 AM

@jamie00171 

So this snippet only works with the values in the key, which in my case is only count.

1 - High       ########################
2 - Med       ###########
3 - Low        ############                                               count
unknown    ######

If I use count in the charting.fieldcolors it works.
Not if I use the actual field values.


Still looking for how to work with the values.

0 Karma
Reply
Solved! Jump to solution

jason_hotchkiss
Communicator
‎01-26-2023 09:18 AM

I changed my prost processing search to:

| eval urgency = if(urgency=="-", "unknown", 'urgency')
| stats
count(eval(urgency="1 - High")) as "1 - High"
count(eval(urgency="2 - Medium")) as "2 - Medium"
count(eval(urgency=="3 - Low")) as "3 - Low"
count(eval(urgency="unknown")) as "unknown"
by urgency

This puts the values in the key, and then the charting.fieldcolors works.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...