Dashboards & Visualizations

changing colors in a column chart

a212830
Champion

Is there any way to tell Splunk to automatically assign different colors to columns in a chart?
I created a chart, and they all use the same colors.

Tags (2)
0 Karma
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

if you chart "by" a field, each "by" value gets a new series and thus a new color. if you're plotting the same value for a single series, it will just one color for the entire series. so it would be helpful to know what your query is.

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

if you chart "by" a field, each "by" value gets a new series and thus a new color. if you're plotting the same value for a single series, it will just one color for the entire series. so it would be helpful to know what your query is.

gkanapathy
Splunk Employee
Splunk Employee

I over-complicated it. This does the same, and is easier to understand:

index=coreops sourcetype="snmp_stats" tag::host="ERA_Full" | head 7 | eval xlabel=""| chart sum(CONNECTIONS) by xlabel,HOST | rename xlabel AS HOST

"rename" is just used to name the x-axis. You can also use:

index=coreops sourcetype="snmp_stats" tag::host="ERA_Full" | head 7 | eval xlabel=HOST| chart sum(CONNECTIONS) by xlabel,HOST | rename xlabel AS HOST

which will puts non-empty HOST labels on each column, which may be nicer than the previous, which just sets them to empty. (Though the legend is still there.)

a212830
Champion

Wow. OK, that did it. Any chance you can explain that?

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

ah, try adding this:

index=coreops sourcetype="snmp_stats" tag::host="ERA_Full" | head 7 | chart sum(CONNECTIONS) as CONNECTIONS by HOST | eval H=HOST | eval HOST="" | xyseries HOST H CONNECTIONS
0 Karma

vsingla1
Communicator

this did the trick!! wonderful

0 Karma

a212830
Champion

Nothing changed...

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

Try:

index=coreops sourcetype="snmp_stats" tag::host="ERA_Full" | head 7 | chart sum(CONNECTIONS) as CONNECTIONS by HOST

or max(CONNECTIONS) or avg(CONNECTIONS) as appropriate (though in your case it's going to be the same).

0 Karma

a212830
Champion

Here's the query:

index=coreops sourcetype="snmp_stats" tag::host="ERA_Full" |fields HOST, CONNECTIONS |table HOST, CONNECTIONS |head 7

I'm trying to duplicate a report that is done in Excel manually, and the customers want the values in different colors.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...