Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to color trend in single value?

tamduong16
Contributor
‎11-06-2017 03:31 PM

I can not figure out how to color the trend instead of the value. This is my search:

alt text

I found a documentation about it on splunk but it doesn't show how to use it or what command I should use. I look around and try option like colorvalue, rangemap, .... but have no result. This is the example i saw on splunk documentation site:
alt text
I want the big number to be black and the trendline along with the number below it to be a different color depend on the number. Did I do anything wrong here? Thanks

Preview file
28 KB
Preview file
8 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎11-06-2017 07:37 PM

@tamduong16, you can change these settings from UI Edit by setting the visualization Format.
Following are the settings you need based on behavior described in your query through UI in Edit mode:

alt text
Following are the Simple XML chart configuration required for the same:

    <option name="colorBy">trend</option>
    <option name="colorMode">none</option>
    <option name="trendColorInterpretation">standard</option>
    <option name="trendDisplayMode">absolute</option>
    <option name="useColors">1</option>

Refer to Splunk Documentation on configuring Single Value visualization through Simple XML: https://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#single_value

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Preview file
17 KB
Reply
Solved! Jump to solution
Solution

niketn
Legend
‎11-06-2017 07:37 PM

@tamduong16, you can change these settings from UI Edit by setting the visualization Format.
Following are the settings you need based on behavior described in your query through UI in Edit mode:

alt text
Following are the Simple XML chart configuration required for the same:

    <option name="colorBy">trend</option>
    <option name="colorMode">none</option>
    <option name="trendColorInterpretation">standard</option>
    <option name="trendDisplayMode">absolute</option>
    <option name="useColors">1</option>

Refer to Splunk Documentation on configuring Single Value visualization through Simple XML: https://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#single_value

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Preview file
17 KB
Reply
Solved! Jump to solution

abi2023
Path Finder
‎08-30-2023 08:09 AM

How do I change color single value trend by default it either red for negative, and green for positive. I want my single value color to be as I define in my range value even if trend is negative or positive. below is my source code.

    <earliest>-30d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorBy">trend</option>
        <option name="colorMode">none</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0xff1414","0xdc4e41","0x53a051","0xf1813f","0xdc4e41"]</option>
        <option name="rangeValues">[20,30,50,100]</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="trendInterval">-30d</option>
        <option name="unitPosition">after</option>
        <option name="useColors">1</option>
        <option name="useThousandSeparators">1</option>
      </single>
    </panel>

  

Thank you in advance.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...