Change Pie Chart colors
Splunk: Create a Dashboard, edit colors, etc
This example shows how to create a new Dashboard for the Nessus network scanner (using a Plugin for Splunk that parses Nessus scan data).
Install the Nessus plugin
Create a new index, "nessus", and limit the size of the index in GB
Go to the Nessus plugin, add an Input (Nessus Host Scans), and add it to the index "nessus"
Add Data (Splunk home > Add Data > Monitor > Splunk Addon for Nessus)
Create a new Search, Splunk > Search > Data Summary
select any Source type and go to the Search screen
enter the search string
index="nessus" AND name="Your Nessus Scan Name"
Once results come up, save them as a Report; this saves the search so it can be used later
Create a new Pivot table based on the data, for example, all Critical issues
Open up same Search again, click on Visualization > Pivot Table
Select Pivot > Selected Fields, choose a bar chart
For Filter add Severity = Critical
X Axis = Plugin Name
Y Axis = Count
Save as Dashboard Panel
Final dashboard:
Add a Statistics Table
Change the Statistics Table "Severity" row colors
Add a Pie Chart
change the color of series
<dashboard>
  <label>My dashboard</label>
  <row>
    <panel>
      <chart>
        <searchName>My saved report</searchName>
        <option name="charting.legend.labels">[error,warn,info]</option>
        <option name="charting.seriesColors">[0xFF0000,0xFFFF00,0x00FF00]</option>
      </chart>
    </panel>
  </row>
</dashboard>
adjust permissions for each
Settings > Access Controls > Roles > role name of user > add the new index,
Optional:
add a Time Commander field so all charts on the dashboard reflect the same Earliest/Latest time
Edit your Dashboard, go to the XML source
add a new Time Commander field at the top of the XML
<fieldset submitButton="false">
  <input type="time" searchWhenChanged="true" token="time_commander">
    <label>Time period</label>
    <default>
      <earliest>-7d@d</earliest>
      <latest>now</latest>
    </default>
  </input>
</fieldset>
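Because this time input sets a token, only searches that reference that token (the next step) follow the picker; a panel left with its own range will silently disagree with the rest of the dashboard. The check below is an added example, not part of the original post: it parses a dashboard's XML source and lists panels whose <earliest>/<latest> do not reference the time input's token. The sample dashboard, its queries and the function name unbound_panels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the original post): the first panel is bound
# to the time input, the second still carries a hard-coded time range.
SAMPLE = """
<form>
  <fieldset submitButton="false">
    <input type="time" searchWhenChanged="true" token="time_commander"/>
  </fieldset>
  <row>
    <panel>
      <title>Top 10 Hosts with Critical Severity</title>
      <chart><search>
        <query>index="nessus" Risk=Critical | top 10 extracted_Host</query>
        <earliest>$time_commander.earliest$</earliest>
        <latest>$time_commander.latest$</latest>
      </search></chart>
    </panel>
    <panel>
      <title>Severity breakdown</title>
      <chart><search>
        <query>index="nessus" | stats count by Risk</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search></chart>
    </panel>
  </row>
</form>
"""

def unbound_panels(dashboard_xml):
    """Return (panel title, earliest, latest) for searches not tied to a time input."""
    root = ET.fromstring(dashboard_xml)
    tokens = [i.get("token") for i in root.iter("input")
              if i.get("type") == "time" and i.get("token")]
    # The exact (earliest, latest) pair a bound search must carry, per token.
    wanted = {(f"${t}.earliest$", f"${t}.latest$") for t in tokens}
    findings = []
    for panel in root.iter("panel"):
        title = panel.findtext("title", default="(untitled)")
        for search in panel.iter("search"):
            earliest = (search.findtext("earliest") or "").strip()
            latest = (search.findtext("latest") or "").strip()
            if (earliest, latest) not in wanted:
                findings.append((title, earliest, latest))
    return findings

if __name__ == "__main__":
    for finding in unbound_panels(SAMPLE):
        print("not bound to the time input:", finding)
```

Panels that use a saved report through <searchName> have no <search> element and are not inspected by this check.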
for each chart, add <earliest> <latest> tags
<panel>
  <title>Top 10 Hosts with Critical Severity</title>
  <chart>
    <title>$nessus_env$</title>
    <search>
      <query>| pivot nessus_pivot RootObject dc(Plugin_Name) AS "# of Criticals" SPLITROW extracted_Host AS extracted_Host FILTER Risk is Critical SORT 10 extracted_Host ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1 FILTER NessusEnv is "$nessus_env$"</query>
      <earliest>$time_commander.earliest$</earliest>
      <latest>$time_commander.latest$</latest>
      <sampleRatio>1</sampleRatio>
    </search>