- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Can I use a regular expression or wildcard inside ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can I use a regular expression or wildcard inside charting.fieldColors?
Hi
I have a timechart with several lines, and I want to set the colors as in charting.fieldColors. However, the field names are dynamic, so I would need to use a regular expression or wildcard in the key; something like this:
<option name="charting.fieldColors">{ "PREVIEW":0x990000, "TASK_*":0x99CCFF } </option>
This there anything like this currently possible?
Thank you
John
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe you can do it this way. charting.seriesColors assigns the first color in the list to the first field in the results table, the second color to the second field, etc.
<option name="charting.seriesColors">[0x1e93c6, 0xf2b827, 0xd6563c, 0x6a5c9e, 0x31a35f]</option>
BTW, my example uses the first 5 default color values.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the suggesion. Unfortunately this won't solve the problem, because there could be any number of fields matching the "TASK_*" regex. So I would need to have 0x99CCFF in the list 100 times, and even then it might not catch all of them.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Keep in mind that the timechart command, by default, only shows the "top" 10 fields by default, so it is unlikely that you would need to list 100 fields. And if you are listing 100 fields, how can you read that? Perhaps you should consider some form of grouping prior to charting.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If anyone knows of an alternative way of assigning color to fields to achieve this, please let me know.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't think so, but try it and see if it works... and let us know!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I haven't been successful so far.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd try some quoting & escape character to see, but I believe lguinn has the correct answer.
"Task*"
"Task\.*"
"Task%"
'"Task*"'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks...no luck unfortunately.
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
