Solved: Re: Using wild card in table column formating

splunkuser320 · ‎12-02-2022

I want to change the column cell background based on the value, but I also want to use a wild card.

Example Field values

Passed (12:20)

Failure (2:30)

Passed (4:40)

I want to change the cell color based on only Passed and Failure and ignore rest of the string.

bowesmana · ‎12-05-2022

If this was a solution for you, please mark it as solved, so others can benefit.

View solution in original post

splunkuser320 · ‎12-04-2022

Its works. Thanks for your help!!!

bowesmana · ‎12-05-2022

If this was a solution for you, please mark it as solved, so others can benefit.

bowesmana · ‎12-04-2022

Use the colorPalette format option

<format type="color" field="your_field">
<colorPalette type="expression">case(match(value,"^Passed"), "#008000", match(value, "^Failed"), "#F8BE34", true(), "#000")</colorPalette>
</format>

See the documentation here

https://docs.splunk.com/Documentation/SplunkCloud/latest/Viz/TableFormatsXML#Color_palette_types_and...

Using wild card in table column formating

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation