How to color cells with time format (duration)

marina_rovira
Contributor

Hi there!

I have a table full of calls information and I want to give colour to one of them:

I've tried the fieldformat thing but I cannot set colors. I would like to use the options that Splunk gives for table format.

I'd like to set the calls which have a duration greater than 45 minutes to be in yellow.

Any idea how I can do this?

Thank you in advance!

0 Karma

jamesbrock
Path Finder

You could try doing an eval on the time to get a number of minutes, then use a rangemap to color the cells you want.

Check this page:

https://answers.splunk.com/answers/65240/converting-hours-minutesseconds-to-a-numerical-value.html

search="foobar"
| rex field="MaxCallDuration" "(?<hour>\d{2}):(?<min>\d{2}):(?<sec>\d{2})"
| eval duration_seconds = ((hour*3600)+(min*60)+sec)
| rangemap field=duration_seconds low=1-59 guarded=60-179 elevated=180-479 high=480-899 severe=900-36000
| stats count by range

low = green
guarded = blue
elevated = yellow
high = orange
severe = red

0 Karma

marina_rovira
Contributor

I think I'm not understanding your answer, here you have what I'm doing:

| eval MaxHandleTimesecs=strptime(MaxHandleTime, "%H:%M:%S")-strptime("00:00:00", "%H:%M:%S") ----> I do this with all the fields with duration

| stats sum(CallsPresented) as "Number of Calls".... sum(MaxHandleTimesecs) as MaxCallDuration by CSQName ---> The "..." are the other fields, the same as sum(..)

| fieldformat MaxCallDuration=tostring(round('MaxCallDuration',0),"duration") | table CSQName,"Number of Calls","Calls abandoned","Average time to response","Average call duration","Max Time to Abandon",MaxCallDuration

All to have a table with by Name, all the duration fields calculations, for having sum up all the durations.

I've checked, and without the fieldformat or converting it to a string to show in HH:MM:SS format, it works. How can I get it to work in the other format too?

Thank you

0 Karma

koppolu17
Explorer
0 Karma

marina_rovira
Contributor

Is there any way to do it without JS?
Splunk gives an option to set colors, and one option is a colour range. The problem I have is that, as the value is in time format, I think it doesn't recognize well whether something is greater than a value or not.

I've tried to put 00:45:00 and 2700 (45 min * 60 sec), and neither worked.

0 Karma