Splunk

Splunk – RGB Value Based on Percentage

By April 8, 2019 November 11th, 2019 One Comment

Note, please read part 2 instead for a improved query, with better examples!!!

So- I had a need to calculate a RGB value based on the percentage total progress. My specific need was to color-code a vehicles route on a map by the time.

Here is how I accomplished it.

First, we need to calculate the percentage complete. Your implementation may vary. However- this basic use case will calculate a percentage for most queries.

| eventstats count as total 
| streamstats count as pos 
| eval pct = ROUND(pos/total*100,0)

Next, I needed to calculate the RGB value. My implementation goes from red(0%) to green(100%).

If you wanted to tweak the colors, this would be the line to modify.

| eval r=IF(pct<50, 255, 510-5.10*pct), g=IF(pct<50, 5.1*pct, 255), b=0

Next, is this ugly block of commands, to convert the RGB values, into a single hex value. If you find a better way to manage this- please let me know.

## Round the values. Cannot convert decimals to hex.
| eval r=ROUND(r,0), g=ROUND(g,0), b=ROUND(b,0)
## Replace the 0x with empty.
| eval rH=REPLACE(tostring(r,"hex"), "0x", ""),gH=REPLACE(tostring(g,"hex"), "0x", ""), bH=REPLACE(tostring(b,"hex"), "0x", "")
## Ensure each "grouping" is two characters long.
| eval rH=substr("00", 0, max(2-len(rH), 0)).rH, gH=substr("00", 0, max(2-len(gH), 0)).gH, bH=substr("00", 0, max(2-len(bH), 0)).bH 
## Combine the hex segments
| eval circleColor="#".rH.gH.bH

Here is the color curve generated.

Share this content

Join the discussion One Comment

%d bloggers like this: