Solved: Timeline- Custom Visualization: How do I apply col...

rbernharnavy · ‎05-28-2019

When applying the timeline visualization against table _time job_name duration, and selecting categorical color mode in the format menu, it doesn't seem to be picking up the resource_field, instead it picks up duration which results in a huge legend of many colors.

From the docs I see usage is table _time <resource_field> [<color_field>] [<duration_field>] ,
so I'm confused what color_field is for or how to properly apply colors using the resource_field bins.

niketn · ‎05-28-2019

@rbernharnavy try to create duplicate field for color in your case

 <yourCurrentColor>
| eval job_name_category=job_name
| table _time job_name job_name_category duration

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

joesrepsolc · ‎10-19-2020

Not liking the default colors it selected.

joesrepsolc · ‎10-19-2020

But can I manually set the colors used for this visualization like in other Splunk charts? I would like the colors for Excellent to be green, Poor to be red, etc.

Example:
<option name="charting.fieldColors">{"Unacceptable": #DC4E41,"Poor": #F1813F,"Fair": #F8BE34,"Good": #B6C75A,"Excellent": #53A051}</option>

quatorz · ‎02-10-2020

You need to set "Use colors" to "Yes" in the Format tab. Then it will interpret your color_field

niketn · ‎05-28-2019

@rbernharnavy try to create duplicate field for color in your case

 <yourCurrentColor>
| eval job_name_category=job_name
| table _time job_name job_name_category duration

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

rbernharnavy · ‎05-29-2019

That did it, thanks!

Timeline- Custom Visualization: How do I apply colors using the resource_field bins?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms