DEV Community

loading...

Splunk - Add marker lines in a column chart

Maxime Guilbert
Just a dev who touches a lot of things and wants to share his experiences. (or just want to note somewhere things to don't forget)
・1 min read

In our dashboards, it can really help to have marker lines to show where it's critical or not.

And today, we will see how to do it in a Splunk Column Chart!


How to do it?

The request

First, you need to define different variables in your request which will correspond to your different markers.

... | eval warning = 1 | eval critical = 2 ...
Enter fullscreen mode Exit fullscreen mode

Then, be sure that these values are returned in your response data.

| table x y warning critical
Enter fullscreen mode Exit fullscreen mode

The dashboard

In your dashboard definition, you need to add an option called charting.chart.overlayFields. It will contains all the parameters names to use as marker.

...
<chart>
  <title>My chart</title>
  <search>
    <query>...</query>
    <earliest>$time.earliest$</earliest>
    <latest>$time.latest$</latest>
  </search>
  <option name="charting.chart">column</option>
  <option name="charting.chart.overlayFields">warning,critical</option>
  <option name="charting.drilldown">none</option>
</chart>
...
Enter fullscreen mode Exit fullscreen mode

And now you have beautiful markers on your chart!
Alt Text

Customize colors

To customize the colors, you have to add another option called charting.fieldColors. It will contains a JSON object with your parameter name as key and the color as value.

<option name="charting.fieldColors">{"warning":0xf77f00, "critical":0xd62828}</option>
Enter fullscreen mode Exit fullscreen mode

And now you can play with it!


I hope it will help you!

Don't hesitate to give some feedback to help me to improve my writing skills. Thanks!

Discussion (0)

Forem Open with the Forem app