Solved: pie chart color with eval condition

surekhasplunk · ‎09-30-2016

Am using query "index=level3 host=Test | stats count by Age | sort Age" and visualizing it in a pie chart.

Now my requirement is I want to put some condition and color code it accordingly and show the result as in figure: Age

what query should I use and what xml editing should I do .

Currently using the query am getting result as shown in Fig: res

JDukeSplunk · ‎09-30-2016

You will need to save it as a dashboard panel first of all. Once there, you can edit the charting options to define the colors.

You may also want to use rangemap to break down the days into the sizes you want.

Ive only ever done rangemap inline, so something similar to this. You're going probably going to have to tweak this to make it work.

index=level3 host=Test |rangemap AgeRange=count(Age) Under_3=0-3 4to7=4-7 Over=8-9999| chart count by AgeRange

JDukeSplunk · ‎09-30-2016

You will need to save it as a dashboard panel first of all. Once there, you can edit the charting options to define the colors.

You may also want to use rangemap to break down the days into the sizes you want.

Ive only ever done rangemap inline, so something similar to this. You're going probably going to have to tweak this to make it work.

index=level3 host=Test |rangemap AgeRange=count(Age) Under_3=0-3 4to7=4-7 Over=8-9999| chart count by AgeRange

pie chart color with eval condition