Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk map size of Piechart/How to remove field from pie portion in splunk map

disha
Contributor
‎10-29-2014 08:04 AM

Hi..I have little tricky requirement. I need to display health score of device by Location as "Good" "Bad" and "Fair" on Splunk Map.
But the Size of Pie should be depends upon usercount. and portion of pies should be only Good Fair or Bad. I wrote the query but It is taking Usercount also as a portion of pie. I ned to remove that but Still I want size according to user count.
Intersting fact is : Good+Bad+Fair != Usercount as Usercount is population not the people who are using that app.

Search query is :
|inputlookup network_mapping_file.csv|fields latitude,longitude,UserCount|geostats latfield=latitude longfield=longitude max(UserCount) as UserCount |appendcols[search index=ms sourcetype=transaction | join inner hostname[|inputlookup network_mapping_file.csv|fields hostname,latitude,longitude,UserCount] | search transaction="StaticFile3MB" | eval secs=round(duration/1000) | rangemap field=secs Good=0-3 Fair=3-4 Bad=4-2000 | geostats latfield=latitude longfield=longitude count by range]alt text

Please suggest how I can determine the size of pie according to usercount without using it in portion of pie. As in image..Blue is User count . I need to remove that and just want to display Green red and yellow in pie.

Thanks,
Disha

Tags (3)
Preview file
40 KB
0 Karma
Reply

Venkat_16
Contributor
‎06-15-2015 03:11 AM

instead of using a rangemap try using eval and case condition, i would call it something like:

eval severity=case(secs<1 AND secs>3,"Good",secs<=3 AND secs>4,"Fair",secs<=4 AND secs>2000,"worse") | geostats latfield=latitude longfield=longitude count by severity

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...