- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Horizontal Bar Chart Bar Colors: How to create sea...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a horizontal bar chart usingthe following post processing search:
| stats count by urgency
| eval urgency = if(urgency=="-", "unknown", 'urgency')
The values of the urgency field are:
"1 - High"
"2 - Medium"
"3 - Low"
"unknown"
I would like the horizontal bar color to change for each value:
"1 - High" would be Red
"2 - Medium" would be Orange
"3 - Low" would be Yellow
"unknown" would remain blue
I have seen code for working with value ranges, but I am looking for code that works only with the value.
Any suggestions are grealy appreciated
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jason_hotchkiss,
I've done similar before, adding the below should work:
<option name="charting.fieldColors">{"1 - High": <insert CSS color code for desired red here>, "2 - Medium": <insert CSS color code for desired orange here>, "3 - Low": <insert CSS color code for desired yellow here>, "unknown": <insert CSS color code for desired blue here>}</option>Thanks,
Jamie
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jason_hotchkiss,
I've done similar before, adding the below should work:
<option name="charting.fieldColors">{"1 - High": <insert CSS color code for desired red here>, "2 - Medium": <insert CSS color code for desired orange here>, "3 - Low": <insert CSS color code for desired yellow here>, "unknown": <insert CSS color code for desired blue here>}</option>Thanks,
Jamie
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jamie00171
So this snippet only works with the values in the key, which in my case is only count.
1 - High ########################
2 - Med ###########
3 - Low ############ count
unknown ######
If I use count in the charting.fieldcolors it works.
Not if I use the actual field values.
Still looking for how to work with the values.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I changed my prost processing search to:
| eval urgency = if(urgency=="-", "unknown", 'urgency')
| stats
count(eval(urgency="1 - High")) as "1 - High"
count(eval(urgency="2 - Medium")) as "2 - Medium"
count(eval(urgency=="3 - Low")) as "3 - Low"
count(eval(urgency="unknown")) as "unknown"
by urgency
This puts the values in the key, and then the charting.fieldcolors works.
Archived Metrics Now Available for APAC and EMEA realms
Detecting Remote Code Executions With the Splunk Threat Research Team
Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!
