Solved: pie chart color with condition

surekhasplunk · ‎07-03-2019

|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used

VLAN            device       capacity   free    used
Vlan802 DC2A3-CLOUD-CFD-VDC2    2048    1596    452
Vlan802 DC2A4-CLOUD-CFD-VDC2    2048    1594    454
Vlan802 SC2BJV-CLOUD-CFD-VDC2   2048    1882    166
Vlan802 SC2CLK-CLOUD-CFD-VDC2   2048    1883    165
Vlan802 TIGR6-CLOUD-CFD-VDC2-A1 2048    1838    210
Vlan802 TIGR6-CLOUD-CFD-VDC2-A2 2048    1838    210

Now i need a pie chart to show in RED color the used part and in GREEN color the free part

how can i achieve this in pie chart.

and if i select VLAN=* then it should sum all VLAN used and show in red and sum of all VLAN free and show in green

vnravikumar · ‎07-03-2019

Hi

Try this

<dashboard>
  <label>pie chart</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used 
| chart sum(free) as free, sum(used) as used | transpose</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.seriesColors">[#008000,#FF0000]</option>
      </chart>
    </panel>
  </row>
</dashboard>

or

    <dashboard>
      <label>pie chart</label>
      <row>
        <panel>
          <chart>
            <search>
              <query>|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used 
    | chart sum(free) as free, sum(used) as used | transpose</query>
              <earliest>-24h@h</earliest>
              <latest>now</latest>
            </search>
            <option name="charting.chart">pie</option>
            <option name="charting.drilldown">none</option>
            <option name="charting.fieldColors">{"used":#FF0000,"free":#008000}</option>
          </chart>
        </panel>
      </row>
    </dashboard>

View solution in original post

vnravikumar · ‎07-03-2019

Hi

Try this

<dashboard>
  <label>pie chart</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used 
| chart sum(free) as free, sum(used) as used | transpose</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.seriesColors">[#008000,#FF0000]</option>
      </chart>
    </panel>
  </row>
</dashboard>

or

    <dashboard>
      <label>pie chart</label>
      <row>
        <panel>
          <chart>
            <search>
              <query>|inputlookup vrf_usage.csv | search VRF="PCOM"| search VLAN="Vlan802" | table VLAN device capacity free used 
    | chart sum(free) as free, sum(used) as used | transpose</query>
              <earliest>-24h@h</earliest>
              <latest>now</latest>
            </search>
            <option name="charting.chart">pie</option>
            <option name="charting.drilldown">none</option>
            <option name="charting.fieldColors">{"used":#FF0000,"free":#008000}</option>
          </chart>
        </panel>
      </row>
    </dashboard>

pie chart color with condition

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation