Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk map size of Piechart/How to remove field from pie portion in splunk map

disha
Contributor
‎10-29-2014 08:04 AM

Hi..I have little tricky requirement. I need to display health score of device by Location as "Good" "Bad" and "Fair" on Splunk Map.
But the Size of Pie should be depends upon usercount. and portion of pies should be only Good Fair or Bad. I wrote the query but It is taking Usercount also as a portion of pie. I ned to remove that but Still I want size according to user count.
Intersting fact is : Good+Bad+Fair != Usercount as Usercount is population not the people who are using that app.

Search query is :
|inputlookup network_mapping_file.csv|fields latitude,longitude,UserCount|geostats latfield=latitude longfield=longitude max(UserCount) as UserCount |appendcols[search index=ms sourcetype=transaction | join inner hostname[|inputlookup network_mapping_file.csv|fields hostname,latitude,longitude,UserCount] | search transaction="StaticFile3MB" | eval secs=round(duration/1000) | rangemap field=secs Good=0-3 Fair=3-4 Bad=4-2000 | geostats latfield=latitude longfield=longitude count by range]alt text

Please suggest how I can determine the size of pie according to usercount without using it in portion of pie. As in image..Blue is User count . I need to remove that and just want to display Green red and yellow in pie.

Thanks,
Disha

Tags (3)
Preview file
40 KB
0 Karma
Reply

Venkat_16
Contributor
‎06-15-2015 03:11 AM

instead of using a rangemap try using eval and case condition, i would call it something like:

eval severity=case(secs<1 AND secs>3,"Good",secs<=3 AND secs>4,"Fair",secs<=4 AND secs>2000,"worse") | geostats latfield=latitude longfield=longitude count by severity

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...