Could you help me link a pie chart with an input t...

jip31 · ‎11-05-2018

hello

I use the code below for doing a pie chart

index=windows sourcetype="wineventlog:system" SourceName="Disk" EventCode=7 Type="Critique" 
| dedup _time 
| stats count by EventCode
| eventstats sum(count) as Total 
| eval percent=round((count/Total)*100,1) 
| eval EventCode=EventCode."(count: ".count.", percent: ".percent.")"

I need to update automatically this pie chart from an input token which represents the hostname.

I have something like this, but it doesn't work.

| stats count by EventCode, host

have you an idea please???

jip31 · ‎11-05-2018

Nobody can't help me please??

renjith_nair · ‎11-06-2018

@jip31,

if you just want to filter based on the host name from the token, then try adding this to your base search.

     index=windows sourcetype="wineventlog:system" SourceName="Disk" EventCode=7 Type="Critique"  host=$hostname$

---
What goes around comes around. If it helps, hit it with Karma 🙂

jip31 · ‎11-12-2018

pearhaps I have bad explained
my token works with * or with an exact host
but i would like to have no pie chart if a wrong host is entered in the token
even with a wrong host actually my pie chart is always displayed....

jip31 · ‎11-09-2018

hi it's what i m doing but when i m doing this in my report I cant have any results....

renjith_nair · ‎11-09-2018

Try one of the hostnames which is a candidate for $hostname$ and search in search window and see if it returns

---
What goes around comes around. If it helps, hit it with Karma 🙂

Could you help me link a pie chart with an input token?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!