Change Pie Chart colors

Splunk: Create a Dashboard, edit colors, etc

This example shows how to create a new Dashboard for the Nessus network scanner, using the Nessus plugin for Splunk, which parses Nessus scan data.

    1. Install the Nessus plugin.

    2. Create a new index, "nessus", and limit the size of the index in GB.

    3. Go to the Nessus plugin and add an Input, Nessus Host Scans; add it to the index "nessus".

    4. Add Data (Splunk home > Add Data > Monitor > Splunk Addon for Nessus).

    5. Create a new Search: Splunk > Search > Data Summary.

    6. Select any Source type and go to the Search screen.

    7. Enter the search string:

       index="nessus" AND name="Your Nessus Scan Name"

    8. Once results come up, save them as a Report; this saves the search for later use.

    9. Create a new Pivot table based on the data, for example, all Critical issues.

    10. Open the same Search again and click Visualization > Pivot Table.

    11. Select Pivot > Selected Fields and choose a bar chart.

    12. For Filter, add Severity = Critical.

    13. X Axis = Plugin Name

    14. Y Axis = Count

    15. Save as Dashboard Panel.

    16. Final dashboard:

Add a Statistics Table

Change the Statistics Table "Severity" row colors

Add a Pie Chart

Change the color of the series

<dashboard>
  <label>My dashboard</label>
  <row>
    <panel>
      <chart>
        <searchName>My saved report</searchName>
        <option name="charting.legend.labels">[error,warn,info]</option>
        <option name="charting.seriesColors">[0xFF0000,0xFFFF00,0x00FF00]</option>
      </chart>
    </panel>
  </row>
</dashboard>

Adjust permissions for each:

Settings > Access Controls > Roles > role name of user > add the new index

Optional:

Add a Time Commander field so all charts on the dashboard reflect the Earliest/Latest time.

Edit your Dashboard and go to the XML source.

Add a new Time Commander field at the top of the XML:

<fieldset submitButton="false">
  <input type="time" searchWhenChanged="true" token="time_commander">
    <label>Time period</label>
    <default>
      <earliest>-7d@d</earliest>
      <latest>now</latest>
    </default>
  </input>
</fieldset>

For each chart, add <earliest> and <latest> tags inside its <search> element, referencing the time_commander token:

<panel>
  <title>Top 10 Hosts with Critical Severity</title>
  <chart>
    <title>$nessus_env$</title>
    <search>
      <query>| pivot nessus_pivot RootObject dc(Plugin_Name) AS "# of Criticals" SPLITROW extracted_Host AS extracted_Host FILTER Risk is Critical SORT 10 extracted_Host ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1 FILTER NessusEnv is "$nessus_env$"</query>
      <!-- Both bounds come from the time_commander input defined in the fieldset -->
      <earliest>$time_commander.earliest$</earliest>
      <latest>$time_commander.latest$</latest>
      <sampleRatio>1</sampleRatio>
    </search>
  </chart>
</panel>
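On a dashboard with many panels, the two optional steps above (add the time input, then point every search at its token) can be scripted. The following is an added example, not code from the original page: the function name `add_time_input`, the sample dashboard and its field names are assumptions, and the script leaves saved-report references and post-process searches untouched.

```python
import xml.etree.ElementTree as ET

TOKEN = "time_commander"  # token name used on the page

# Constructed sample (field names are assumptions): one search lacks a time range.
SAMPLE = """<dashboard>
  <label>Nessus</label>
  <row>
    <panel><chart><search>
      <query>index="nessus" | top limit=10 plugin_name</query>
    </search></chart></panel>
    <panel><table><search>
      <query>index="nessus" | stats count by severity</query>
      <earliest>-24h</earliest>
      <latest>now</latest>
    </search></table></panel>
  </row>
</dashboard>"""


def add_time_input(xml_text, token=TOKEN, default_earliest="-7d@d"):
    """Add the time input and bind every inline <search> to its token."""
    root = ET.fromstring(xml_text)
    if root.find("fieldset") is None:
        fieldset = ET.Element("fieldset", submitButton="false")
        inp = ET.SubElement(fieldset, "input", type="time",
                            searchWhenChanged="true", token=token)
        ET.SubElement(inp, "label").text = "Time period"
        default = ET.SubElement(inp, "default")
        ET.SubElement(default, "earliest").text = default_earliest
        ET.SubElement(default, "latest").text = "now"
        # Insert before the first <row>, i.e. after <label>/<description>.
        children = list(root)
        pos = next((i for i, c in enumerate(children) if c.tag == "row"), len(children))
        root.insert(pos, fieldset)
    for search in root.iter("search"):
        # Example choice: leave report references and post-process searches alone.
        if search.find("query") is None or search.get("base"):
            continue
        for bound in ("earliest", "latest"):
            node = search.find(bound)
            if node is None:
                node = ET.SubElement(search, bound)
            node.text = f"${token}.{bound}$"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(add_time_input(SAMPLE))
```

Paste the output back into the dashboard's XML source; hard-coded ranges such as the `-24h` in the sample are overwritten so every panel follows the same picker.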