Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to color cells with time format (duration)

marina_rovira
Contributor
‎04-26-2017 07:56 AM

Hi there!

I have a table full of calls information and I want to give colour to one of them:
alt text

I've tried the fieldformat thing but I can not set colors. I would like to use the options that splunk give for table format.

I like to set the calls which have a duration greater than 45 minutes to be in yellow.

Any idea how can i do this?

Thank you in advance!

Preview file
1 KB
0 Karma
Reply

jamesbrock
Path Finder
‎04-26-2017 08:30 AM

You could try doing a eval on the time to get the a number of minutes, then use a rangemap to color the cells you want.

check this page

https://answers.splunk.com/answers/65240/converting-hours-minutesseconds-to-a-numerical-value.html

search="foobar"
| rex field="MaxCallDuration" "(?\d{2}):(?\d{2})'(?\d{2})"
| eval duration_seconds = ((hour*3600)+(min*60)+sec)
| rangemap field=duration_seconds low=1-59 guarded=60-179 elevated=180-479 high=480-899 severe=900-36000
| stats count by range

low = green
guarded = blue
elevated = yellow
high = orange
severe =red

0 Karma
Reply

marina_rovira
Contributor
‎04-27-2017 02:18 AM

I think I'm not understanding your answer, here you have what I'm doing:

| eval MaxHandleTimesecs=strptime(MaxHandleTime, "%H:%M:%S")-strptime("00:00:00", "%H:%M:%S") ----> I do this with all the fields with duration

| stats sum(CallsPresented) as "Number of Calls".... sum(MaxHandleTimesecs) as MaxCallDuration by CSQName ---> The "..." are the other fields, the same as sum(..)

| fieldformat MaxCallDuration=tostring(round('MaxCallDuration',0),"duration") | table CSQName,"Number of Calls","Calls abandoned","Average time to response","Average call duration","Max Time to Abandon",MaxCallDuration

All to have a table with by Name, all the duration fields calculations, for having sum up all the durations.

I've checked and withot the fieldformat or converting it as strign to show in HH:MM:SS format, it works. How can I do for it to work also even in the other format?

Thank you

0 Karma
Reply

koppolu17
Explorer
‎04-26-2017 08:09 AM

Hope you refer http://answers.splunk.com/answers/83206/color-in-a-table-based-on-values.

0 Karma
Reply

marina_rovira
Contributor
‎04-26-2017 08:30 AM

Is there any way to do it without js?
Splunk gives option to put colors, and one option is about colour range. The problem I have is that as the format is in time format, it doesn't recognize well, I think, if something is greater or not from a value.

I've tried to put 00:45:00 and 2700 (45min *60 sec), and none worked.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...