- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Need to change colour in dashboard in trellis ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Need to change colour in dashboard in trellis view
Hi All,
I am trying to create a dashboard in trellis view. I created the below query for my search:
index=abcd host="mwgcb-ckbla02U*" source="/logs/confluent/kafkaLogs/server.log" | rex field=_raw "(?ms)]\s(?P<Code>\w+)\s\[" | search Code="WARN" | rex field=_raw "^(?:[^ \n]* ){3}\[(?P<code_id>[^\]]+)" | search code_id="AdminClient clientId=adminclient-*" | stats count | eval mwgcb-ckbla02u=if(count=0, "Running", "Down") | table mwgcb-ckbla02u
Here, I am using the trellis view and "single value" in visualization. All came up perfect, but I am not able to change the colour of the trellis box. Like when its "Running", box should be green and when "Down", it should be red.
Can anyone please help on this..?
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
<format type="color">
<colorPalette type="expression">case (match(value,"Down"), "#ff0000",match(value,"Up"),"#00ff00")</colorPalette>
</format>- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried inserting the above in the source-code. Its not working for me.
Please look into the source code and suggest.
<dashboard>
<label>Kafka_Broker</label>
<row>
<panel>
<title>mwgcb-ckbla02U</title>
<single>
<search>
<query>index=abcd host="mwgcb-ckbla02U*" source="/logs/confluent/kafkaLogs/server.log" | rex field=_raw "(?ms)]\s(?P<Code>\w+)\s\[" | search Code="WARN" | rex field=_raw "^(?:[^ \n]* ){3}\[(?P<code_id>[^\]]+)" | search code_id="AdminClient clientId=adminclient-*" | stats count | eval mwgcb-ckbla02u=if(count=0, "Running", "Down") | table mwgcb-ckbla02u</query>
<earliest>1626633000</earliest>
<latest>1626636600</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0x53a051","0xdc4e41"]</option>
<option name="rangeValues">[0]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">1</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">large</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
</single>
</panel>
</row>
</dashboard>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this instead
<dashboard>
<label>Kafka_Broker</label>
<row>
<panel depends="$alwaysHideCSSPanel$">
<html>
<style>
#single #facet-viz_data_source_mwgcb-ckbla02u svg{
background-color: $singlecolour$;
}
</style>
</html>
</panel>
<panel>
<title>mwgcb-ckbla02U</title>
<single>
<search>
<query>index=abcd host="mwgcb-ckbla02U*" source="/logs/confluent/kafkaLogs/server.log" | rex field=_raw "(?ms)]\s(?P<Code>\w+)\s\[" | search Code="WARN" | rex field=_raw "^(?:[^ \n]* ){3}\[(?P<code_id>[^\]]+)" | search code_id="AdminClient clientId=adminclient-*" | stats count | eval mwgcb-ckbla02u=if(count=0, "Running", "Down") | table mwgcb-ckbla02u</query>
<earliest>1626633000</earliest>
<latest>1626636600</latest>
<sampleRatio>1</sampleRatio>
<done>
<eval token="singlecolour">if('results.mwgcb-ckbla02u'=="Down","red","green")</eval>
</done>
</search>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0x53a051","0xdc4e41"]</option>
<option name="rangeValues">[0]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">1</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">large</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
</single>
</panel>
</row>
</dashboard>- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ITWhisperer,
This didn't work either. Is it because I am using trellis..?
Because without trellis, the format command works if kept as table.
But we need the output in trellis view. Can you please suggest some more?
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, typo on my part - try
<eval token="singlecolour">if('result.mwgcb-ckbla02u'=="Down","red","green")</eval>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry ITWhisperer,
It didn't work either. As of now now I am going with the tabular view without trellis and using format.
However, suggestions for modification on the trellis view are welcomed. We prefer going with the trellis view.
Thank you.
Join Us for Splunk University and Get Your Bootcamp Game On!
.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!
Announcing Scheduled Export GA for Dashboard Studio
