@renjith_nair    I have used the same code whichyou have given as a test with appropriate index, but it's not updating the header color. ... View more

Looks like I got the solution.  I have used MATCH  to solve it. Thank you @thambisetty  ... View more

I am not sure about this as it generates a huge realtime data and I have just access to Splunk UI for creating dashboards. ... View more

Yeah not working @richgalloway    Any other suggestions please. ... View more

Tried like this, but no luck    STATUS_DETAIL|s|n$ ... View more

I tried to add |n which is working in few regex like 'RESPECT TO PATTERN '[0-9]+'' Please let me know if I can add like-  |s|n$ ... View more

Tried, but results in below error -    Unknown search command '0'. ... View more

Panel 1 Query - index=production sourcetype="db" (APPLICATIONTYPE="A" OR APPLICATIONTYPE="B" OR APPLICATIONTYPE="C" ) (ACCOUNT="$ACCOUNT$", REQUEST="$REQUEST$",STATUS_DETAIL="$STATUS_DETAIL$",STATUS_TYPE="$STATUS$") | eventstats sum(RECORD_COUNT) as TOTAL_COUNT by ACCOUNT, REQUEST,STATUS_DETAIL,STATUS | eval account_request_status = ACCOUNT . ":::" . REQUEST . ":::" . STATUS | timechart span=1m limit=0 sum(RECORD_COUNT) by account_request_status Panel 2 Query - index=production sourcetype="db" (APPLICATIONTYPE="A" OR APPLICATIONTYPE="B" OR APPLICATIONTYPE="C" ) $requesttype$ $Account$ $status$|eventstats sum(RECORD_COUNT) as TOTAL_COUNT by REQUEST ,ACCOUNT,STATUS_DETAIL, STATUS | stats count by ACCOUNT, REQUEST,STATUS,STATUS_DETAIL, TOTAL_COUNT | fields - count STATUS_DETAIL is generating regex which is generated in realtime.   Please help.   ... View more

@to4kawa  I have mutliple Account_NM which will be generated in realtime. The ACCOUNT_NM which I provided was sample data. Thank you for the info though 🙂 ... View more

@richgalloway I have used table in second query and chart in first. I am not getting the desired result. ... View more

Thank you. This helped me to resolve the issue. ... View more