Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

coloring a row based on field value(with a wildcard/space)

smolcj
Builder
‎01-16-2013 10:46 PM

hi,
for changing the color of a field we can change the css to
.Table tr.informational td {
background-color:#72c72d;
color:#fff;
}
what if the field name is having some space or if we have to add a wild card in the field value like
.Table tr.informational 1 td {
background-color:#72c72d;
color:#fff;
}

why i need wildcard because it can be informational 2 informational 3... etc.. something like info*.. is it possible?
Please help
Thank you

0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎01-16-2013 11:25 PM

In this question you're asking about the "rowClass" param of the Sideview Table module, and for those following along this question came from a comment on this other question - http://splunk-base.splunk.com/answers/60993/colorize-simpleresultstable-rows-based-on-field-values.

The value of the Table module's rowClass param, as calculated at runtime can contain spaces, whether or not those spaces come from the dynamic field value(s) present by virtue of $fieldName$, or from hardcoded parts of the string. However in CSS a space in there means that multiple classes are being applied indepently to the element. EG: if the rowClass value were "informational 1", then you'd be applying two classes independently, "informational", and "1". Each of those classes you'd have to define in your stylesheet, and needless to say "1" is a very strange classname to use.

To simplify this, I would stay away from spaces in the fieldnames that you're using in rowClass. Specifically I would use | eval myClassField=replace(myClassField," ","_") either in the base search or in a postProcess search, to turn those values into "informational_1", "informational_2", etc.. That will mean they act as a single class and you can define those informational_1, informational_2, informational_3 in your CSS.

Reply

sideview
SplunkTrust
SplunkTrust
‎01-17-2013 10:10 AM

No it is not. No such mechanism exists in CSS and in fact the "" character has its own meaning in CSS that would confuse things even further. Granted, if you let the "informational 1" values come down as rowClass values, you'd *get your wildcard behavior in the form of the "informational" class. You could leave the "1", "2" classes undefined and your "informational" class might work as the wild card you're wanting?

0 Karma
Reply

smolcj
Builder
‎01-17-2013 02:43 AM

so a wildcard idea is not possible here?

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...