Why am I getting duplicate colors in a stacked tim...

vikas_gopal · ‎01-29-2015

Hi Experts,

I have an issue with stacked time chart. My search is like

Sourcetype="ABC"| timechart count by dest_ip usenull=f useother=f

I am getting top 10 IP addresses with count but I can see duplicate colors, like yellow color 3 times. Is there any way to provide different color to all 10 different IPs

Thanks
VG

martin_mueller · ‎01-29-2015

You can change the colours to suit your needs using the charting.seriesColors or charting.fieldColors options, see http://docs.splunk.com/Documentation/Splunk/6.2.1/Viz/ChartConfigurationReference#General_chart_prop... for reference.

martin_mueller · ‎01-30-2015

With charting.fieldColors you would have to know the fields (IPs in your case) beforehand, yes.

With charting.seriesColors you can specify your own colours to use for the first, second, and so on field - basically override the automatic assignment of colours Splunk makes by default.

I'm a bit surprised you get colour overlap though, you you post a screenshot? If that's a general issue it'd be nice to get it addressed properly.

vikas_gopal · ‎01-30-2015

Thanks for the quick response Martin, but with this solution I have to define series color manually , because I am getting random IP as output so how I can fix this .

vikas_gopal · ‎01-29-2015

I am facing this issue in Splunk 6.2 version .Same thing is working fine in Splunk 6.0 version.Please suggest if anyone facing such issue in 6.2.

Why am I getting duplicate colors in a stacked time chart in Splunk 6.2?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!