All Apps and Add-ons

How to edit the map marker color in Custom Cluster Map Visualization?

mjlsnombrado
Communicator

Hi all,

I have a cluster map visualization and i want to edit the color of the map marker. I've used two fields country and status causing the color of the marker to be divided to red and green and this is what it looks like in the map,alt text

What i want to do is to set one color for for the markers

For example:

if(status==yes){
 color = green;}
else if(status==no){
color=red;}

Is this possible?

Thanks in advance,

0 Karma
1 Solution

You would need to use mapping.fieldColors Simple XML configuration for Cluster map similar to the following (where the Map plots geostats by status):

<option name="mapping.fieldColors">{"yes":"0x65a637","no":"0xd93f3c"}</option>

Refer to an answer for Drilldown based on color. However, you should check out only the Simple XML piece for similar setting with Run Anywhere example where stats is broken out by method which is either GET or POST: https://answers.splunk.com/answers/613088/how-to-redirect-to-two-urls-from-a-cluster-map.html

<option name="mapping.fieldColors">{"GET":"0x65a637","POST":"0xd93f3c"}</option>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

mjlsnombrado
Communicator

Hi @niketnilay,

What I want to do is to set fix color for each marker depending on the status, I am using two fields city (right side of the map marker) and status (left side of the map marker) that is why the map marker is divided into two colors using
<option name="mapping.fieldColors">{"OK":"0x65a637","KO":"0xd93f3c"}</option> I am able to set fixed color for the status, if the status is OK the map marker will be green and if the status is KO it will be red but what I need to do is to set one color for the whole marker as of now this is the result:
alt text
I need the city to inherit the color of the status and produce result like this :
alt text

Is this possible?

Best Regards,

0 Karma

You would need to use mapping.fieldColors Simple XML configuration for Cluster map similar to the following (where the Map plots geostats by status):

<option name="mapping.fieldColors">{"yes":"0x65a637","no":"0xd93f3c"}</option>

Refer to an answer for Drilldown based on color. However, you should check out only the Simple XML piece for similar setting with Run Anywhere example where stats is broken out by method which is either GET or POST: https://answers.splunk.com/answers/613088/how-to-redirect-to-two-urls-from-a-cluster-map.html

<option name="mapping.fieldColors">{"GET":"0x65a637","POST":"0xd93f3c"}</option>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

mjlsnombrado
Communicator

Hi Niketnilay,

Thanks for your answer I've already used the mapping.fieldColors option, but what I need is for the City to inherit the color of the status for example if the color of the status part of the marker is green the city will inherit its color and will be green also making the whole marker to be colored as green , if the status part of the marker is red the city part of the marker will inherit its color and will be red also making the whole marker to be colored as red, is it possible? below is the xml of the dashboard

alt text

| eval status = if (isnotnull (Type) ,"KO","OK")
|eval status = "City: ".sitename .",". status
|makemv status delim=","
| table sitename ID status Latitudine Longitudine
| geostats latfield=Latitudine longfield=Longitudine count by status
$field1.earliest$
$field1.latest$
1
10m
delay

none
423
3
auto
0xe60026
0x6dc066
0
0.75
1
999
{OK:0x6dc066,KO:0xe60026}

0 Karma

@mjlsnombrado seems like you need Choropleth Map.

Also while posting code use the code button (101010 or shortcut Ctrl+K) here on Splunk Answers so that special characters do not escape.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

mjlsnombrado
Communicator

Ok thanks using, choropleth map will I be able to set one color for for a marker that contain two fields, for example the color of field2 depends on the color of field1, if the field1 value is "ok "the two fields will be colored green, re-posting the code I used.

| eval status =  if (isnotnull (Type) ,"KO","OK")
|eval status = "City: ".sitename .",". status
|makemv status delim=","
| table sitename ID status Latitudine Longitudine 
| geostats latfield=Latitudine longfield=Longitudine count by status</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
          <sampleRatio>1</sampleRatio>
          <refresh>10m</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="drilldown">none</option>
        <option name="height">423</option>
        <option name="mapping.choroplethLayer.colorBins">3</option>
        <option name="mapping.choroplethLayer.colorMode">auto</option>
        <option name="mapping.choroplethLayer.maximumColor">0xe60026</option>
        <option name="mapping.choroplethLayer.minimumColor">0x6dc066</option>
        <option name="mapping.choroplethLayer.neutralPoint">0</option>
        <option name="mapping.choroplethLayer.shapeOpacity">0.75</option>
        <option name="mapping.choroplethLayer.showBorder">1</option>
        <option name="mapping.data.maxClusters">999</option>
        <option name="mapping.fieldColors">{OK:0x6dc066,KO:0xe60026}</option>
0 Karma

mjlsnombrado
Communicator

Hi Niketnilay ,

I've tried the Choropleth map visualization but it does produce the same result i'm not able to inherit the color of the field or set one color for the marker.

Thanks Niketnilay for answering

BR,
Lester

0 Karma

@mjlsnombrado Categorical Color should do it, unless I have misunderstood your question. If you still have the issue, please add a mock screenshot what you need?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...