Building for the Splunk Platform

How to set 2 different colors for 2 different values in the same field dynamically in bar charts ?

shinta_rcm
Engager
Stage(Field name)
Capa
Capa_india
north_Capa
checkcapaend
NET
net_east
southNETregion
showmeNET
us_net

 

From the field Stage, if the value contains capa 0r Capa I need to color the bar chart as Blue. Otherwise need to show the bar chart color as Orange.

 

Thanks in advance.

Labels (2)
0 Karma

SinghK
Builder
0 Karma

shinta_rcm
Engager

Thanks a lot for your reply.

The solution that you suggested is for numeric values. But we are working on String values.

<option name="charting.fieldColors">{"%capa%": 0xFF0000, "elevated": 0xFF9900, "low":0x008000}</option>

Is it possible to add wildcards like in the above XML code. If not kindly suggest an alternative approach.

The word "Capa" can occur in any part of the value and in some cases it may not occur too. So, we need a dynamic approach to color a bar of the bar chart.

0 Karma

SinghK
Builder

|makeresults
|eval stage= "Capa Capa_india north_Capa checkcapaend NET net_east"
|makemv stage
|mvexpand stage
|eval stage=lower(stage)
|fields - _time
|eval stagename = if(match(stage,"capa"),1,2)
|chart count by stage stagename

 

try that if that helps..

0 Karma

shinta_rcm
Engager

Thanks for the reply. We have already 3 fields in the chart command. Not able to add the 4th one in the command.

 

Also, kindly suggest if there is a way to include wildcards in charting.fieldColors, charting.seriesColors or in charting.annotation.categoryColors. This will be very helpful in my case.

0 Karma

SinghK
Builder

Results

SinghK_0-1641390742878.png

 

0 Karma

SinghK
Builder

you can do that in statistical table easy.

0 Karma
Get Updates on the Splunk Community!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...