Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Could you help me with the following search queries and then help me turn the information into a piechart?

hurt
New Member
‎10-05-2018 01:32 AM

Good evening guys,

I'm new using this tool, and actually, I have the following tasks to do. I want to ask you if I did well on this one and if you could me help with any tasks I'm missing:

Context:
I was deploying Splunk in a VM (Linux - Ubuntu). Splunk by itself generated events, and my tasks are the following:

  • Amount of different indexes - Single value
    A:/ index=_* | stats distinct_count(index)
    As a single value in screen it show me "4".

  • Index with the highest event count - Single value
    A:/ I did index=_* | stats count by index | sort - count", it show me "_internal as the highest value

  • Indexes distribution events:
    _internal - timechart.
    _thefishbucket - timechart

I don't understand yet. Could someone who understands this please explain it to me because I don't get it...

I don't know if is something like index=_internal | timechart count usenull=f useother=f | sort - count would work...

  • Show in a pie chart the percentages of the total of events. A:/ I did the following, in the tab "Dashboard", I created a pie panel with this information index=_* | stats count by index. Eventually, it showed me a pie chart with the information that I needed (that's what I think)

I don't know if the points that I solved are fine.

Beforehand, I appreciate your help with this topic.

Warm regards,

0 Karma
Reply

horsefez
Motivator
‎10-05-2018 03:03 AM

Hi @hurt,

I can tell you that much:
You made a fine decision choosing Splunk and joining us "the Splunkers" on their ever-awesome journey with this product.
New people to Splunk are most-likely best off learning about the product in an easy way using the following link:
https://www.splunk.com/en_us/resources/getting-started.html

This link and the links on the site will give you a better understanding about what an awesome plattform splunk is.

Get back to me after that, if you have any further questions. 🙂

Regards,
pyro_wood

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...