Dashboards & Visualizations

How to populate percentage on bar chart

Akmal57
Path Finder

Hi all,

I'm monitoring compliance data for the past 7 days using timechart. My current query displays the count of "comply" and "not comply" events for each day.

index= indexA | timechart span=1d count by audit

Akmal57_0-1712546001897.png

 

However, I'd like to visualize this data as percentages instead. Is it possible to modify the search to display the percentage of compliant and non-compliant events on top of each bar?

Thanks in advance for your help!

Labels (2)
0 Karma

bowesmana
SplunkTrust
SplunkTrust

If you add the following after your timechart command it will change the values from numbers to percentages

| addtotals fieldname=_Total
| foreach * [ eval <<FIELD>>=round(('<<FIELD>>'/_Total*100),2) ]

Note that the _ in front of the total field name prevents it from being displayed, then the foreach command just calculates the percentages.

 

Akmal57
Path Finder

Hi @bowesmana,

index="index A" 

| table _time, Audit

| addtotals fieldname=Total

| foreach * [eval Audit=round (('Audit'/Total*100),2)]

above is my query that i have created based on your idea, but seems not working. Below screenshot is the result for above query.

Akmal57_0-1713144964612.png

the values not showing in percentage.

 

 

0 Karma

bowesmana
SplunkTrust
SplunkTrust

You have not done what I suggested, you have changed the SPL to something that will not work.

Please use the exact code I provided after your timechart command

 

0 Karma

KendallW
Contributor

Hi @Akmal57, try changing the format of the visualization to stacked

KendallW_0-1712550803472.png

 

0 Karma

Akmal57
Path Finder

Hi @KendallW,

it's not working, it just staking the value of the bar chart.

0 Karma
Get Updates on the Splunk Community!

Notification Email Migration Announcement

The Notification Team is migrating our email service provider from Postmark to AWS Simple Email Service (SES) ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...