Solved: Using wild card in table column formating

splunkuser320 · ‎12-02-2022

I want to change the column cell background based on the value, but I also want to use a wild card.

Example Field values

Passed (12:20)

Failure (2:30)

Passed (4:40)

I want to change the cell color based on only Passed and Failure and ignore rest of the string.

bowesmana · ‎12-05-2022

If this was a solution for you, please mark it as solved, so others can benefit.

View solution in original post

splunkuser320 · ‎12-04-2022

Its works. Thanks for your help!!!

bowesmana · ‎12-05-2022

If this was a solution for you, please mark it as solved, so others can benefit.

bowesmana · ‎12-04-2022

Use the colorPalette format option

<format type="color" field="your_field">
<colorPalette type="expression">case(match(value,"^Passed"), "#008000", match(value, "^Failed"), "#F8BE34", true(), "#000")</colorPalette>
</format>

See the documentation here

https://docs.splunk.com/Documentation/SplunkCloud/latest/Viz/TableFormatsXML#Color_palette_types_and...

Using wild card in table column formating

table

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter