Solved: pie chart color with condition

surekhasplunk · ‎07-03-2019

|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used

VLAN            device       capacity   free    used
Vlan802 DC2A3-CLOUD-CFD-VDC2    2048    1596    452
Vlan802 DC2A4-CLOUD-CFD-VDC2    2048    1594    454
Vlan802 SC2BJV-CLOUD-CFD-VDC2   2048    1882    166
Vlan802 SC2CLK-CLOUD-CFD-VDC2   2048    1883    165
Vlan802 TIGR6-CLOUD-CFD-VDC2-A1 2048    1838    210
Vlan802 TIGR6-CLOUD-CFD-VDC2-A2 2048    1838    210

Now i need a pie chart to show in RED color the used part and in GREEN color the free part

how can i achieve this in pie chart.

and if i select VLAN=* then it should sum all VLAN used and show in red and sum of all VLAN free and show in green

vnravikumar · ‎07-03-2019

Hi

Try this

<dashboard>
  <label>pie chart</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used 
| chart sum(free) as free, sum(used) as used | transpose</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.seriesColors">[#008000,#FF0000]</option>
      </chart>
    </panel>
  </row>
</dashboard>

or

    <dashboard>
      <label>pie chart</label>
      <row>
        <panel>
          <chart>
            <search>
              <query>|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used 
    | chart sum(free) as free, sum(used) as used | transpose</query>
              <earliest>-24h@h</earliest>
              <latest>now</latest>
            </search>
            <option name="charting.chart">pie</option>
            <option name="charting.drilldown">none</option>
            <option name="charting.fieldColors">{"used":#FF0000,"free":#008000}</option>
          </chart>
        </panel>
      </row>
    </dashboard>

View solution in original post

vnravikumar · ‎07-03-2019

Hi

Try this

<dashboard>
  <label>pie chart</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used 
| chart sum(free) as free, sum(used) as used | transpose</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.seriesColors">[#008000,#FF0000]</option>
      </chart>
    </panel>
  </row>
</dashboard>

or

    <dashboard>
      <label>pie chart</label>
      <row>
        <panel>
          <chart>
            <search>
              <query>|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used 
    | chart sum(free) as free, sum(used) as used | transpose</query>
              <earliest>-24h@h</earliest>
              <latest>now</latest>
            </search>
            <option name="charting.chart">pie</option>
            <option name="charting.drilldown">none</option>
            <option name="charting.fieldColors">{"used":#FF0000,"free":#008000}</option>
          </chart>
        </panel>
      </row>
    </dashboard>

pie chart color with condition

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

pie chart color with condition

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases