Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Format table field with a space in the column name
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
helge
Builder
02-15-2017
01:51 PM
I would like to use the Simple XML format rule to specify the formatting of table columns as documented here, e.g.:
<format type="number" field="count">
<option name="precision">3</option>
<option name="unit">MB</option>
</format>
How do I specify a field name with a space in it? Does that even work?
My table would be defined as follows:
SOME_SPL | table "fieldname with spaces"
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vasanthmss
Motivator
02-15-2017
02:32 PM
Yes. field name with space you can use in the format. Sample is below,
<dashboard>
<row>
<panel>
<table>
<search>
<query>index=_internal | head 100 | bin span=1d _time | stats count by _time sourcetype |rename sourcetype as "Source Type"</query>
<earliest>0</earliest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
<format type="color" field="Source Type">
<colorPalette type="map">{"splunkd":#6DB7C6,"splunk-access":#F7BC38,"s":#AFEEEE}</colorPalette>
</format>
<format type="color" field="count">
<colorPalette type="minMidMax" maxColor="#31A35F" midColor="#A2CC3E" minColor="#FFFFFF"></colorPalette>
<scale type="minMidMax" maxType="percentile" maxValue="100" midType="percentile" midValue="50" minType="percentile" minValue="0"></scale>
</format>
</table>
</panel>
</row>
</dashboard>
V
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
akarivaratharaj
Communicator
12-03-2019
11:27 PM
Hi @helge ,
I have a field called "TOTAL_TIME" which is in the format of "HH:MM:SS" and I am trying to apply the color format to it. But the color is not getting applied.
Could you please help me in getting the code to apply the color for the time format.
Thankyou.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
GDude
New Member
01-24-2018
02:38 AM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
GDude
New Member
01-24-2018
05:54 AM
Sorry, I missed that you were only discussing fields with spaces. I'll place a new question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
helge
Builder
01-24-2018
05:47 AM
You should post this as a new question. Mixing topics is a no-no.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vasanthmss
Motivator
02-15-2017
02:32 PM
Yes. field name with space you can use in the format. Sample is below,
<dashboard>
<row>
<panel>
<table>
<search>
<query>index=_internal | head 100 | bin span=1d _time | stats count by _time sourcetype |rename sourcetype as "Source Type"</query>
<earliest>0</earliest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
<format type="color" field="Source Type">
<colorPalette type="map">{"splunkd":#6DB7C6,"splunk-access":#F7BC38,"s":#AFEEEE}</colorPalette>
</format>
<format type="color" field="count">
<colorPalette type="minMidMax" maxColor="#31A35F" midColor="#A2CC3E" minColor="#FFFFFF"></colorPalette>
<scale type="minMidMax" maxType="percentile" maxValue="100" midType="percentile" midValue="50" minType="percentile" minValue="0"></scale>
</format>
</table>
</panel>
</row>
</dashboard>
V
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
helge
Builder
02-15-2017
02:45 PM
Not adding additional quotes in some way is the one thing I did not try 😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DalJeanis
Legend
02-15-2017
02:43 PM
It's great to include working code in your answer. It might have been easier for the poster to understand your answer if you'd also told him what field name to look for in your HTML - which is "Source Type" in this instance.
Or just told him -
<format type="number" field="fieldname with spaces">
Get Updates on the Splunk Community!
Introducing the 2024 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
Introducing the 2024 Splunk MVPs!
We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...
Splunk Custom Visualizations App End of Life
The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...
