Give this a try.
Your search giving fields DATE, AMOUNT | eval LATEST=strptime(DATE,"%m/%d/%Y")
| eventstats max(LATEST) as LATEST1 | eval LATESTAMT=if(LATEST=LATEST1,AMOUNT,0) | eval AMOUNT=if(LATEST=LATEST1,0,AMOUNT)| table DATE, AMOUNT, LATESTAMT
Use this to generate a stacked bar chart and for the latest record it should show in different color (with different series name 'LATESTAMT')
many. it will keep updating the list on when a transaction happens on that date. so i need a query to find the latest date in the list at any point in time
How many rows can be there in the table?
Hi iamniks,
Yes, you can do this - but you need to tweak some css and js files to achieve this. See this http://answers.splunk.com/answers/83206/color-in-a-table-based-on-values or this app http://apps.splunk.com/app/570/.
hope this helps ...
cheers, MuS
thanks for the response but we can use the above if we know what is the expected value but in my case i dont know what is the latest date in the list