Splunk map size of Piechart/How to remove field from pie portion in splunk map

disha
Contributor

Hi, I have a little tricky requirement. I need to display the health score of devices by location as "Good", "Bad" and "Fair" on a Splunk map.
But the size of the pie should depend upon UserCount, and the portions of the pies should be only Good, Fair or Bad. I wrote the query, but it is taking UserCount also as a portion of the pie. I need to remove that, but I still want the size according to user count.
Interesting fact: Good+Bad+Fair != UserCount, as UserCount is the population, not the people who are using that app.

Search query is:
| inputlookup network_mapping_file.csv | fields latitude,longitude,UserCount | geostats latfield=latitude longfield=longitude max(UserCount) as UserCount | appendcols [search index=ms sourcetype=transaction | join inner hostname [| inputlookup network_mapping_file.csv | fields hostname,latitude,longitude,UserCount] | search transaction="StaticFile3MB" | eval secs=round(duration/1000) | rangemap field=secs Good=0-3 Fair=3-4 Bad=4-2000 | geostats latfield=latitude longfield=longitude count by range]

Please suggest how I can determine the size of the pie according to user count without using it as a portion of the pie. As in the image, blue is the user count. I need to remove that and just want to display green, red and yellow in the pie.

Thanks,
Disha

0 Karma

Venkat_16
Contributor

Instead of using a rangemap, try using eval and a case condition. I would call it something like:

eval severity=case(secs>=0 AND secs<=3,"Good",secs>3 AND secs<=4,"Fair",secs>4 AND secs<=2000,"worse") | geostats latfield=latitude longfield=longitude count by severity

0 Karma