Re: How to add a color to the field in one column ...

msr · ‎09-28-2020

Hi,

How can I add a color to the field in one column based on the other column filed values? The example below, I need to display service filed green if the status is running and red if the status is down.

service	status
McAfee EPO	down
Symantec DLP	running

ITWhisperer · ‎09-29-2020

Add some css in the panel above your table and give your table an id

      <html>
        <style>
          #tableservicestatus table tbody td div.multivalue-subcell[data-mv-index="1"]{
            display: none;
          }
        </style>
      </html>
      <table id="tableservicestatus">

Then convert your field to a mv with the status

--- your query
| eval service=service."|".status
| eval service=split(service,"|")

Then colour the field based on the value (of the mv)

        <format type="color" field="service">
          <colorPalette type="expression">case (match(value,"down"), "rgb(255,0,0)",match(value,"running"),"rgb(0,255,0)")</colorPalette>
        </format>

How to add a color to the field in one column based on the other column filed values

fields

search job inspector

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?