Spread our blog

Define Single value trellis visualization color based on the non-numeric field

We all know that we can specify color in single value trellis visualization based on the count or numeric field, based on numeric ranges we can define color. Today we will try to assign a color in single value trellis visualization based on non-numeric values.

Let’s try to understand the use case,

Here we have a query like this.

index=_internal 
| stats count by log_level

Where we are fetching counts of “log_level” field from _internal index.

Now if we change the visualization into a single value trellis it will look like this.

Now based on the “log_level” field we will try to change the color here. For INFO it will be Green, for WARN it will be Yellow and for ERROR it will be Red.

To do this modification we can use JavaScript and CSS but that will be a complicated process. We can implement the same using the “RangeMap” command.

NOTE: “Rangemap ” command is generally used to categorize numeric fields, it will add a new field called “range”. But we can use “rangemap” to define color also in the visualization.

Now our modified query will look like this,

index=_internal 
| stats count by log_level 
| eval color=case(log_level="INFO","1",log_level="WARN","5",log_level="ERROR","10")
| rangemap field=color low=1-4 elevated=5-9 severe=10-14

Result:

Visualization:

Explanation:

Where we are fetching counts of “log_level” field from _internal index. After that using the Evalcommand we created a field called “color” with a condition that, if “log_level” is equal to INFO, WARN and ERROR then it will return 1,5 and 10 respectively. Then using the “rangemapcommand created a field called “range”, with a specified range i.e. within 1-5 it will be low (whose default color is green), within 5-9 it will be elevated(yellow) and within 10-14 it will be severe(red).

You can also know about :  How to Add Different Background Colours to Different Panel Titles in Splunk Dashboard

Hope you all have enjoyed this blog ” Define Single value trellis visualization color based on the non-numeric field “. See you all on to the next one.

Happy Splunking!!

What’s your Reaction?
+1
+1
+1
+1
+1
+1
+1

Spread our blog

LEAVE A REPLY

Please enter your comment!
Please enter your name here