highlightgroups

Use the highlightgroups command to match strings or search criteria on the properties of the groups identified by any grouping command such as stats, link, or timestats, and highlight them in the visualization.

Syntax

highlightgroups [<highlightgroups_options>] [<keyword_expression> [, <keyword_expression>]*] [<subquery>] [as <new_field_name>]

Parameters

The following table lists the parameters used in this command, along with their descriptions.

Parameter Description

highlightgroups_options

Syntax:

[color = red | green | blue | yellow | <hex>] [priority = high | medium | low]

color: The color to use for highlighting.

priority: The priority assigned to the highlighted groups.

If the color is not specified, then the priority is used to assign a default matching color. If priority and color are both not specified, then a default color would be used for each highlight.

keyword_expression

Syntax:

<string> | "<string>" | '<string>'

Keywords or quoted phrases to match.

subquery

The subquery to identify the groups.

new_field_name

The new name of the field.

For examples of using this command in typical scenarios, see:

The following command highlights post request groups in yellow color:

* | link Request | highlightgroups color = yellow post as 'Post Requests'
* | stats count by Request | highlightgroups color = #228B22 post as 'Post Requests'

The following command highlights entity groups with large total content size in red color:

* | link Entity | stats sum('Content Size') as 'Content Size' | highlightgroups color = red [ * | where 'Content Size' > 20000000000 ] as 'Large Content'
* | stats sum('Content Size') as 'Content Size' by Entity  | highlightgroups color = red [ * | where 'Content Size' > 20000000000 ] as 'Large Content'