Why am I getting duplicate colors in a stacked tim...

vikas_gopal · ‎01-29-2015

Hi Experts,

I have an issue with stacked time chart. My search is like

Sourcetype="ABC"| timechart count by dest_ip usenull=f useother=f

I am getting top 10 IP addresses with count but I can see duplicate colors, like yellow color 3 times. Is there any way to provide different color to all 10 different IPs

Thanks
VG

martin_mueller · ‎01-29-2015

You can change the colours to suit your needs using the charting.seriesColors or charting.fieldColors options, see http://docs.splunk.com/Documentation/Splunk/6.2.1/Viz/ChartConfigurationReference#General_chart_prop... for reference.

martin_mueller · ‎01-30-2015

With charting.fieldColors you would have to know the fields (IPs in your case) beforehand, yes.

With charting.seriesColors you can specify your own colours to use for the first, second, and so on field - basically override the automatic assignment of colours Splunk makes by default.

I'm a bit surprised you get colour overlap though, you you post a screenshot? If that's a general issue it'd be nice to get it addressed properly.

vikas_gopal · ‎01-30-2015

Thanks for the quick response Martin, but with this solution I have to define series color manually , because I am getting random IP as output so how I can fix this .

vikas_gopal · ‎01-29-2015

I am facing this issue in Splunk 6.2 version .Same thing is working fine in Splunk 6.0 version.Please suggest if anyone facing such issue in 6.2.

Why am I getting duplicate colors in a stacked time chart in Splunk 6.2?

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...