Splunk Search

change color of column chart for each type?


alt textHello all ,

I ran the below query

....| chart count by SRC_ID

which gives me the count for each SRC_ID . when the visualized it in a column chart each id should have a different color



G 40
N 20

each id should have a color.I tried using the below XML but it did not change
option name="charting.fieldColors">{"G":0xFF0000,"N":0x6699FF}`

Tags (3)
0 Karma


Test the following xml code

<title>Field colors example</title>
................................................ | chart count(eval(SRC_ID="G")) as ER   count(eval(SRC_ID="N")) as WA    count(eval(SRC_ID="U")) as INF  by  SRC_ID
<option name="charting.axisY.scale">log</option>
<option name="charting.chart">column</option>
<option name="charting.fieldColors">
{"G": 0xFF0000, "N": 0xFF9900,"U": 0xFFAAF0}
<option name="charting.legend.placement">right</option>
0 Karma

Revered Legend

Try something like this

your base search | eval temp=1 | chart count over by SRC_ID limit=0 | rename temp as SRC_ID

The color code is assigned based of different series, your original search just have one series count. Above search will give series for each SRC_ID value so each will have different color

*Update *
To retain the x-axis labels, try this

your base search | chart count by SRC_ID | eval series=SRC_ID | chart values(count) over SRC_ID by series limit=0
0 Karma


well the color is changing but it messed up with the SRC_ID ,it is not showing the name of each id in the x-axis and its showing both ids count when hover on the bar

0 Karma


I tried the updated query

| chart count by SRC_ID | eval series=SRC_ID | chart values(count) over SRC_ID by series limit=0

the output is


G 40
N 20

U 10

0 Karma


I have attached a screen shot to the question

0 Karma

Path Finder

You will get different colors for each SRC_ID for a different visualization like PIE. Why are you expecting column chart to have different colors..its not a normal behavior? Is that a requirement?

0 Karma


ya that is why i am trying to figure out can it be done or not

0 Karma