Below is a colorpalette expression I have in my classic dashboard:
<format type="color" field="Present">
<colorPalette type="expression">
if(value > $90PercentThreshold$, "#f50d0d", "#43e40a") <green and red, respectively>
</colorPalette>
</format>
My query is:
"<sourceString>"
"Checking <directory>*"
| rex field=_raw "InputObject\";\s+value=\"Checking (?<Directory>[^\"]+) Max allowed:\s+(?<Max_Allowed>\d+).*Files present:\s+(?<Present>\d+)"
| dedup Directory
| eval 50PercentThreshold = Max_Allowed * 0.5
| eval 90PercentThreshold = Max_Allowed * 0.9
| table _time, Directory, Present, Max_Allowed
| sort - Present
This is getting a file count across several directories as well as the maximum allowed files in that directory (all within the log)\. My issue is that I can see the cells in the table colored during edit mode, but when I switch to preview, the colors are not present any longer (no color exists).
Additionally, is there a way to express multiple conditionals for the colorpalette? An example would be the following, but I must have the wrong syntax:
<format type="color" field="Present">
<colorPalette type="expression">
if(value > $90PercentThreshold$, "#f50d0d",
if(value > $50PercentThreshold$ AND value < $90PercentThreshold$, "#f2bb11", "#43e40a"))
</colorPalette>
</format>
Thanks in advance!
