This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the same dataset that you will have already downloaded and ingested into Splunk. If not, please go to the Tutorial and complete it (or at least download and ingest the dataset).
This is the fourth blog in the series, and builds on the dashboard created in the previous blogs.
Adding a bit of colour
Now to add a bit of styling to enhance the dashboard panel with bit of colour to instantly indicate how good or bad the overall service is in terms of its breach rate.
To do this, you can evaluate the breach rate and include some colours in hidden fields in the result set which can then be used to set tokens in a similar manner to the breach rate. These tokens can then be used in some CSS styling in a hidden html panel in the dashboard.
First, extend the search to include the hidden fields with the colour values. Colour values can be assigned as hexadecimal strings (#rrggbb) or as named colours (black, white). The boundaries for change of colour are set in the search using arbitrary values of 15%, 20%, 25%, 30% and above 30%. You can use different values if you want to.
Click on Edit
Click on Edit search of the Hourly Success Rates panel, update as below and Apply
sourcetype=access_combined_wcookie
| timechart span=1h count by status
| addtotals row=t fieldname=_total
| foreach *
[| eval <<FIELD>>=round(100*'<<FIELD>>'/_total,2)]
| eval threshold=85
| eventstats count(eval('200'<85)) as _breaches count as _total
| eval _failure_rate=round(100*_breaches/_total,2)
| eval _panel_colour=case(_failure_rate < 15, "#00ff00", _failure_rate < 20, "#80ff00", _failure_rate < 25, "#ffff00", _failure_rate < 30, "#ff8000", true(), "#ff0000")
| eval _text_colour=case(_failure_rate < 15, "black", _failure_rate < 20, "black", _failure_rate < 25, "black", _failure_rate < 30, "white", true(), "white")
Note that two colours are provided to ensure that the text is in a contrasting colour against the panel background.
While still in edit mode, click on the Source button
Modify the done handler in the search stanza for the chart to assign the field values to tokens
<done>
<set token="failure_rate">$result._failure_rate$</set>
<set token="panel_colour">$result._panel_colour$</set>
<set token="text_colour">$result._text_colour$</set>
</done>
This screen image shows the done handler setting the panel and text colour tokens.
While still in edit source mode, assign the panel an unique id (request_status) and insert some hidden HTML with some CSS styling: Note that the HTML is hidden because it depends on a token which is never set, and the dashboard panel has been given an id which matches the selectors in the style definition.
<panel id="request_status">
<html depends="$alwaysHide$">
<style>
#request_status .dashboard-panel
{
background-color: $panel_colour$ !important;
text-align: center;
}
#request_status h2.panel-title
{
color: $text_colour$ !important;
}
</style>
</html>
<title>Hourly status rates - SLO Breach rate: $failure_rate$%</title>
This screen image shows the hidden HTML panel with CSS styling to colour the panel title using the colour tokens.
Save the updated dashboard. This screen image shows the hourly status rates chart with coloured title depending on breach rate.
Next step is to go on to part 5 where you will look at ways to investigate the detail behind the chart.
... View more
