I am using the following query to display a result on a dashboard (query with sample data which resembles the data I use):
| makeresults
| eval zip="Test-10264,Production;Test-10262,Production;Test-102123,Production;MGM-1,Development;MGM-2,Development;MGM-3,Development;MGM-4,Development"
| makemv delim=";" zip
| mvexpand zip
| table zip _time
```End of sample data```
| rex field=zip "(?<ticket>.+?),(?<Status>.+$)"
| stats values(ticket) as tickets by Status
| stats count(tickets) as amount by Status
And this is being returned by visualization:
The issue I'm facing is both columns have the same color, but I want to each column to have its own unique color (this doesn't have to be predefined, it would be okay if Splunk itself chooses random colors).
Thanks in advance!
Edit: typo
1 Solution
Hi @TallBear
The easiest way to achieve this is to create multiple series like this, and then change to stacked bar chart:
| makeresults
| eval zip="Test-10264,Production;Test-10262,Production;Test-102123,Production;MGM-1,Development;MGM-2,Development;MGM-3,Development;MGM-4,Development"
| makemv delim=";" zip
| mvexpand zip
| table zip _time
```End of sample data```
| rex field=zip "(?<ticket>.+?),(?<Status>.+$)"
| stats values(ticket) as tickets by Status
| stats count(tickets) as amount by Status
``` Add the SPL below ```
| eval {Status}=amount
| fields - status amount
Please let me know how you get on and consider accepting this answer or adding karma this answer if it has helped.
Regards
Will
Hi @TallBear
The easiest way to achieve this is to create multiple series like this, and then change to stacked bar chart:
| makeresults
| eval zip="Test-10264,Production;Test-10262,Production;Test-102123,Production;MGM-1,Development;MGM-2,Development;MGM-3,Development;MGM-4,Development"
| makemv delim=";" zip
| mvexpand zip
| table zip _time
```End of sample data```
| rex field=zip "(?<ticket>.+?),(?<Status>.+$)"
| stats values(ticket) as tickets by Status
| stats count(tickets) as amount by Status
``` Add the SPL below ```
| eval {Status}=amount
| fields - status amount
Please let me know how you get on and consider accepting this answer or adding karma this answer if it has helped.
Regards
Will
If you want to change the color, please use this.
In the source code you have to add an option inside the chart tag.
For the Column Chart panel we have written the option as :
<option name="charting.fieldColors">
{"status":#66FF00,"date_hour":#FF0000,"amount":#00009C}</option>
Here status , and amount are the fields names of the column chart. Also you have to specify the hexadecimal codes of the colors for every fields which you want color . You can put any hexadecimal color codes as per your wish.
