Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Horizontal Bar Chart Bar Colors
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a horizontal bar chart usingthe following post processing search:
| stats count by urgency
| eval urgency = if(urgency=="-", "unknown", 'urgency')
The values of the urgency field are:
"1 - High"
"2 - Medium"
"3 - Low"
"unknown"
I would like the horizontal bar color to change for each value:
"1 - High" would be Red
"2 - Medium" would be Orange
"3 - Low" would be Yellow
"unknown" would remain blue
I have seen code for working with value ranges, but I am looking for code that works only with the value.
Any suggestions are grealy appreciated
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jason_hotchkiss,
I've done similar before, adding the below should work:
<option name="charting.fieldColors">{"1 - High": <insert CSS color code for desired red here>, "2 - Medium": <insert CSS color code for desired orange here>, "3 - Low": <insert CSS color code for desired yellow here>, "unknown": <insert CSS color code for desired blue here>}</option>Thanks,
Jamie
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jason_hotchkiss,
I've done similar before, adding the below should work:
<option name="charting.fieldColors">{"1 - High": <insert CSS color code for desired red here>, "2 - Medium": <insert CSS color code for desired orange here>, "3 - Low": <insert CSS color code for desired yellow here>, "unknown": <insert CSS color code for desired blue here>}</option>Thanks,
Jamie
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jamie00171
So this snippet only works with the values in the key, which in my case is only count.
1 - High ########################
2 - Med ###########
3 - Low ############ count
unknown ######
If I use count in the charting.fieldcolors it works.
Not if I use the actual field values.
Still looking for how to work with the values.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I changed my prost processing search to:
| eval urgency = if(urgency=="-", "unknown", 'urgency')
| stats
count(eval(urgency="1 - High")) as "1 - High"
count(eval(urgency="2 - Medium")) as "2 - Medium"
count(eval(urgency=="3 - Low")) as "3 - Low"
count(eval(urgency="unknown")) as "unknown"
by urgency
This puts the values in the key, and then the charting.fieldcolors works.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
