highlightgroups
Use the highlightgroups command to match strings or search
criteria on the properties of the groups identified by any grouping command such as
stats, link, or timestats, and
highlight them in the visualization.
Syntax
highlightgroups [<highlightgroups_options>] [<keyword_expression> [, <keyword_expression>]*] [<subquery>] [as <new_field_name>]Parameters
The following table lists the parameters used in this command, along with their descriptions.
| Parameter | Description |
|---|---|
|
|
Syntax: [color
= red | green | blue | yellow | <hex>] [priority =
high | medium | low]
If the color is not specified, then the priority is used to assign a default matching color. If priority and color are both not specified, then a default color would be used for each highlight. |
|
|
Syntax: <string> | "<string>" |
'<string>'Keywords or quoted phrases to match. |
|
|
The subquery to identify the groups. |
new_field_name |
The new name of the field. |
For examples of using this command in typical scenarios, see:
The following command highlights post request groups in yellow color:
* | link Request | highlightgroups color = yellow post as 'Post Requests'* | stats count by Request | highlightgroups color = #228B22 post as 'Post Requests'The following command highlights entity groups with large total content size in red color:
* | link Entity | stats sum('Content Size') as 'Content Size' | highlightgroups color = red [ * | where 'Content Size' > 20000000000 ] as 'Large Content'* | stats sum('Content Size') as 'Content Size' by Entity | highlightgroups color = red [ * | where 'Content Size' > 20000000000 ] as 'Large Content'