- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- access row in xyseries
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have a table from a xyseries. Each row consists of different strings of colors. I would like to pick one row from the xyseries, save it in some sort of token and then use it later in an svg-file. The svg file is made up of three rectangles, which colors should depend on the chosen row of the xyseries.
For example the search I made looks like this:
index=something
|stats latest(vitamins) by fruit
|eval color = if(fruit=="$fruit_token$", "red", 0)
|fillnull value="green"
|xyseries fruit vitamins color
Which gives something like this, when i choose apple as a fruit:
vitaminA vitaminB vitaminC
apple green red green
banana green green green
The idea is that I can search for a fruit I want (with an input-token), set the value in latest(vitamin) of that row to "red" and the rest to "green".
Is there a way for me to access the "apple-row" as a whole? I can access a single column of a row by addressing the column name, i.e:
|search fruit=$fruit_token$
|eval var="something"+vitaminB+"else"
|table var
would give something like:
"somethingredelse"
Which then I can store in a variable. But I somehow want all the rest (all the "greens") also.
My end goal would be to use a svg-file, that looks something like this:
<row>
<panel>
<viz type="svg.svg">
<search>
|makeresults
|eval svg_viz = "....
<rect id=01 fill=\"$vitaminA$\"$ >
<rect id=02 fill=\"$vitaminB$\"$ >
<rect id=03 fill=\"$vitaminC$\"$ >
..."
[...]
</search>
</viz>
</panel>
</row>
So in our example, if apple is my chosen fruit I would like to have my first rectangle to have the color "green", the 2nd the color "red" and the third one the color "green". In the end I would use hex code instead of "red" and "green".
I hope this isn't a too narrow subject. I basically need some sort of access to the xyseries table. Maybe instead of using tokens I could also use my first search inside of the svg-file-query, but I couldn't get that to work either.
I could use some help 😃
Cheers
gerbert
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, just in case anyone is stumbling onto this thread and is wondering how to solve it, here it is.
You have to end the "svg-string" and insert your token inbetween and then add the whole string back together with a plus sign. It looks something like this then:
<row>
<panel>
<viz type="svg.svg">
<search>
|makeresults
|eval svg_viz = "....
<rect id=01 fill=\" "+vitaminA+" \"$ >
<rect id=02 fill=\" "+vitaminB+" \"$ >
<rect id=03 fill=\" "+vitaminC+" \"$ >
..."
[...]
</search>
</viz>
</panel>
</row>
Cheers
gerbert
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, just in case anyone is stumbling onto this thread and is wondering how to solve it, here it is.
You have to end the "svg-string" and insert your token inbetween and then add the whole string back together with a plus sign. It looks something like this then:
<row>
<panel>
<viz type="svg.svg">
<search>
|makeresults
|eval svg_viz = "....
<rect id=01 fill=\" "+vitaminA+" \"$ >
<rect id=02 fill=\" "+vitaminB+" \"$ >
<rect id=03 fill=\" "+vitaminC+" \"$ >
..."
[...]
</search>
</viz>
</panel>
</row>
Cheers
gerbert
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could use transpose to convert the row to a column
Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!
Transform your security operations with Splunk Enterprise Security
Splunk Admins and App Developers | Earn a $35 gift card!
