Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to color cells with time format (duration)

marina_rovira
Contributor
‎04-26-2017 07:56 AM

Hi there!

I have a table full of calls information and I want to give colour to one of them:
alt text

I've tried the fieldformat thing but I can not set colors. I would like to use the options that splunk give for table format.

I like to set the calls which have a duration greater than 45 minutes to be in yellow.

Any idea how can i do this?

Thank you in advance!

Preview file
1 KB
0 Karma
Reply

jamesbrock
Path Finder
‎04-26-2017 08:30 AM

You could try doing a eval on the time to get the a number of minutes, then use a rangemap to color the cells you want.

check this page

https://answers.splunk.com/answers/65240/converting-hours-minutesseconds-to-a-numerical-value.html

search="foobar"
| rex field="MaxCallDuration" "(?\d{2}):(?\d{2})'(?\d{2})"
| eval duration_seconds = ((hour*3600)+(min*60)+sec)
| rangemap field=duration_seconds low=1-59 guarded=60-179 elevated=180-479 high=480-899 severe=900-36000
| stats count by range

low = green
guarded = blue
elevated = yellow
high = orange
severe =red

0 Karma
Reply

marina_rovira
Contributor
‎04-27-2017 02:18 AM

I think I'm not understanding your answer, here you have what I'm doing:

| eval MaxHandleTimesecs=strptime(MaxHandleTime, "%H:%M:%S")-strptime("00:00:00", "%H:%M:%S") ----> I do this with all the fields with duration

| stats sum(CallsPresented) as "Number of Calls".... sum(MaxHandleTimesecs) as MaxCallDuration by CSQName ---> The "..." are the other fields, the same as sum(..)

| fieldformat MaxCallDuration=tostring(round('MaxCallDuration',0),"duration") | table CSQName,"Number of Calls","Calls abandoned","Average time to response","Average call duration","Max Time to Abandon",MaxCallDuration

All to have a table with by Name, all the duration fields calculations, for having sum up all the durations.

I've checked and withot the fieldformat or converting it as strign to show in HH:MM:SS format, it works. How can I do for it to work also even in the other format?

Thank you

0 Karma
Reply

koppolu17
Explorer
‎04-26-2017 08:09 AM

Hope you refer http://answers.splunk.com/answers/83206/color-in-a-table-based-on-values.

0 Karma
Reply

marina_rovira
Contributor
‎04-26-2017 08:30 AM

Is there any way to do it without js?
Splunk gives option to put colors, and one option is about colour range. The problem I have is that as the format is in time format, it doesn't recognize well, I think, if something is greater or not from a value.

I've tried to put 00:45:00 and 2700 (45min *60 sec), and none worked.

0 Karma
Reply
Get Updates on the Splunk Community!

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...