Building for the Splunk Platform

How to set 2 different colors for 2 different values in the same field dynamically in bar charts ?

shinta_rcm
Engager
Stage(Field name)
Capa
Capa_india
north_Capa
checkcapaend
NET
net_east
southNETregion
showmeNET
us_net

 

From the field Stage, if the value contains capa 0r Capa I need to color the bar chart as Blue. Otherwise need to show the bar chart color as Orange.

 

Thanks in advance.

Labels (2)
0 Karma

SinghK
Builder
0 Karma

shinta_rcm
Engager

Thanks a lot for your reply.

The solution that you suggested is for numeric values. But we are working on String values.

<option name="charting.fieldColors">{"%capa%": 0xFF0000, "elevated": 0xFF9900, "low":0x008000}</option>

Is it possible to add wildcards like in the above XML code. If not kindly suggest an alternative approach.

The word "Capa" can occur in any part of the value and in some cases it may not occur too. So, we need a dynamic approach to color a bar of the bar chart.

0 Karma

SinghK
Builder

|makeresults
|eval stage= "Capa Capa_india north_Capa checkcapaend NET net_east"
|makemv stage
|mvexpand stage
|eval stage=lower(stage)
|fields - _time
|eval stagename = if(match(stage,"capa"),1,2)
|chart count by stage stagename

 

try that if that helps..

0 Karma

shinta_rcm
Engager

Thanks for the reply. We have already 3 fields in the chart command. Not able to add the 4th one in the command.

 

Also, kindly suggest if there is a way to include wildcards in charting.fieldColors, charting.seriesColors or in charting.annotation.categoryColors. This will be very helpful in my case.

0 Karma

SinghK
Builder

Results

SinghK_0-1641390742878.png

 

0 Karma

SinghK
Builder

you can do that in statistical table easy.

0 Karma
Get Updates on the Splunk Community!

What’s new on Splunk Lantern in August

This month’s Splunk Lantern update gives you the low-down on all of the articles we’ve published over the past ...

Welcome to the Future of Data Search & Exploration

You have more data coming at you than ever before. Over the next five years, the total amount of digital data ...

This Week's Community Digest - Splunk Community Happenings [8.3.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...