Change the color of row based on time of the event...

simon21 · ‎07-24-2018

I have a Value field that shows the temperature values. The moment the value is lower than 19 degree, it row in the table should turn yellow. For the first 10 mins of the event occurrence, it should remain yellow, during the 11th min, it should turn red. Is there any timer or countdown I can set to monitor the timestamp from first occurrence of the value drop and then when it is hitting the 11th min, it can turn the color to red.

Please assist.
Thanks in advance.

renjith_nair · ‎07-24-2018

@simon21,

You could do it by using combination of search and conditional formatting.

index="your index" |fields _time,temperature|eval diff=((now()-_time)/60)|eval status_code=case(temperature <19 AND diff>10,2,temperature <19 ,1,true(),0)

In the status_code you get
0 - normal
1 - yellow
2 - red
Based on the status_code you could set the conditional formatting. Splunk by default supports color change of a column based on column value but if you want entire row to be changed, you need to use css and js as mentioned below in one of my previous answers : https://answers.splunk.com/answers/670546/how-to-change-color-of-entire-row-based-on-field-v.html

Happy Splunking!

niketn · ‎07-24-2018

@renjith.nair, can you move your answer to the following question as this is a duplicate?

https://answers.splunk.com/answers/674451/how-to-change-the-color-of-row-based-on-time-of-th.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Change the color of row based on time of the event occurrence

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!