Hi @mninansplunk, as I said: open the dashboard in Edit Mode, click on the pencin in the top of the column to apply colours, click on Colour ranges (instead None), Insert the colours for the wanted ranges, save the dashboard. I'm supponing that you are using the Classical Dashboard interface not Dashboard Stdio, otherwise I cannot help you because I didn't yet started to use it. Ciao. Giuseppe

Hello, Thank you for the help,  I am just using a Count for the column the Threshold is changing colors on for me.  But, I can't find a way to change the text color thru the GUI or anywhere else sad to say.  I would love to remove the number from being displayed. Here's the Query I am using:   integrationName="Opsgenie Edge Connector - Splunk" "[ThousandEyes] Alert for https://httpURL.com" action != "AddNote" action !="Acknowledge" | transaction "alert.id", alert.message startswith=Create endswith=Close keepevicted=true | table _time, alert.updatedAt, alert.message, "alertDetails.Alert Details URL", alert.alias, alert.id, action, _raw, closed_txn, _time, source, Component | where closed_txn=0 | stats values("alertDetails.Alert Details URL") as "Source Link", count("closed_txn") as Count | eval Application = "ApplicationName" | eval "Monitor Details" = "Performs an HTTP call to Boomi Gateways, Load Balancer, and Molecule servers to verify they are functioning" | eval Contact = "ContactName" | eval Component = Count."|".Application | fields Count, Application, "Monitor Details", "Contact", "Source Link", Component   Thanks again, Tom  

@gcusello  when I run the below query: index="abc" sourcetype =600000304_gg_abs_ipc1 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "Unbalanced" I see these three results: 2023-08-27 07:11:46.885 [INFO ] [Thread-83] ReadFileImpl - ebnc event unbalanced event occurred for filename TRIM.DEMO.D082623.T070035 2023-08-27 07:11:46.885 [INFO ] [Thread-83] GfpEbncImpl - statusList detail with status UNBALANCED with description No Source Event found but Destination Event is present. 2023-08-27 07:11:46.885 [INFO ] [Thread-83] GfpEbncImpl - balancerResponse received - response EventBalancerResponse [aggregateStatus=UNBALANCED, correlationId=null, statusList=[com.amex.fundingplatform.ebnc.response.StatusList@2f6e3e4b]]

Hi @aditsss, the problem is that I don't see any field that can be used to correlate the two events: is there any other part of the logs, e.g. timestamp, ip address, or something else, because with these logs there isn't any common information to use for the correlation. When you run your search, are thre as results only these two events or also other events? Ciao. Giuseppe

HI @gcusello these are only complete logs: ReadFileImpl - ebnc event unbalanced event occurred for filename TRIM.DEMO.D082623.T070035 GfpEbncImpl - statusList detail with status UNBALANCED with description No Source Event found but Destination Event is present. From the first log I want to fetch like this: PHRASE                                                                                       FILENAME ebnc event unbalanced event occurred               TRIM.DEMO.D082623.T070035 For second logs I want to fetch the descrition of UNBALANCED EVENT   UNBALANCED with description No Source Event found but Destination Event is present. @gcusello could you please guide