Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Using wild card in table column formating

splunkuser320
Path Finder
‎12-02-2022 08:40 AM

I want to change the column cell background based on the value, but I also want to use a wild card.

Example Field values

Passed (12:20)

Failure (2:30)

Passed (4:40)

I want to change the cell color based on only Passed and Failure and ignore rest of the string.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎12-05-2022 03:41 PM

If this was a solution for you, please mark it as solved, so others can benefit.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

splunkuser320
Path Finder
‎12-04-2022 08:27 PM

Its works. Thanks for your help!!!

0 Karma
Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎12-05-2022 03:41 PM

If this was a solution for you, please mark it as solved, so others can benefit.

0 Karma
Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎12-04-2022 02:19 PM

Use the colorPalette format option

<format type="color" field="your_field">
<colorPalette type="expression">case(match(value,"^Passed"), "#008000", match(value, "^Failed"), "#F8BE34", true(), "#000")</colorPalette>
</format>

See the documentation here

https://docs.splunk.com/Documentation/SplunkCloud/latest/Viz/TableFormatsXML#Color_palette_types_and...

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...