Dashboards & Visualizations

How to change the colors of fields in a pie chart (and the values change constantly)

Kirantcs
Path Finder

Hi ,
Assume I have CPU utilization categorized as Critical, Warning and Normal. Now using append I combine individually to show a pie chart. In the piechart, along with Critical values, I also display the number of instance in that state. For ex: let's say there are 20 Critical severs,10 warning servers and 100 Normal servers. So when I display this on a pie chart the number of servers in critical will be displayed as Critical :20, Warning:10, and so on.
I tried it with Charting fields for static words like Critical, Warning, etc., but I don't know how to give color to such case where Critical is taken by Splunk as Critical: 20. I tried by giving "%" wildcards, didn't work.

Note
The server values keep changing.

0 Karma

cmerriman
Super Champion

there isn't any way to wildcard the colors. this is a workaround:

in your query, write out something like ...|eval category2=category+":"+count|eval sort=case(category="Critical",1,category="Warning",2,category="Normal",3)|sort sort|fields category2 count you might want to add something to dummy encode that all categories are there, in case there are no Critical values or something.
something like this:

index=.....|stats count by category|append [|makeresults|eval category="Critical,Warning,Normal"|makemv category delim=","|mvexpand category]|fillnull count value=0|eval category2=category+":"+count|dedup category|eval sort=case(category="Critical",1,category="Warning",2,category="Normal",3)|sort sort|fields category2 count |fields - _time

and then in the simpleXML, put this <option name="charting.seriesColors">[0xff0000,0xff6600,0xffff00]</option> it will use Red, Orange and Yellow, in the order, based on the order the categories were sorted.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...