- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Unable to create Pie Chart with desired field ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Guys,
I am trying to create pie chart with below query but unfortunately i am not getting desired result.
sourcetype="web_ping" website_monitoring_search_index title=| fillnull value=1000 response_code | eval success=case(response_code>=400, 0, timed_out == "True", 0, response_code="", 0) | fillnull value=1 success |stats count as total, sum(success) as successes by title| eval availability=round(100(successes/total),2) |eval failures=(100-'availability')| eval result=availability + " - " + failures|stats count by title result
What I am looking for is Pie chart to have 2 colors i.e. Availability should be in green and Failures should be shown in red and distributed according to their percent values in the pie.
I did trial and error with below xml but it did not work
<option name="charting.legend.labels">[availability,failures]</option>
<option name="charting.seriesColors">[#00ff00,#ff0006]</option>
<option name="charting.fieldColors">{"availability":#00ff00 "failures":#ff0006}</option>
Currently I am getting output in below format with my above query -
title result count
abc 100.00 - 0.00 1
xyz 96.67 - 3.33 1
pqr 91.00 - 9.00 1
Can someone please help me figure out the right way to do this
Thanks in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check your result: (Viz> Pie Chart with trellis)
| makeresults
| eval _raw="title,result,count
abc,100.00 - 0.00,1
xyz,96.67 - 3.33,1
pqr,91.00 - 9.00,1"
| multikv forceheader=1
| table title,result,count
| eval availability=mvindex(split(result," "),0), failures=mvindex(split(result," "),-1)
| table title availability failures
| transpose header_field=title column_name=status
| stats values(*) as * by status
Recommend:
sourcetype="web_ping" `website_monitoring_search_index` title=
| fillnull value=1000 response_code
| eval success=case(response_code>=400, 0, timed_out == "True", 0, response_code="", 0)
| fillnull value=1 success
| stats count as total, sum(success) as successes by title
| eval availability=round(100(successes/total),2)
| eval failures=(100-'availability')
| table title availability failures
| transpose header_field=title column_name=status
| stats values(*) as * by status
Change color as you like.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check your result: (Viz> Pie Chart with trellis)
| makeresults
| eval _raw="title,result,count
abc,100.00 - 0.00,1
xyz,96.67 - 3.33,1
pqr,91.00 - 9.00,1"
| multikv forceheader=1
| table title,result,count
| eval availability=mvindex(split(result," "),0), failures=mvindex(split(result," "),-1)
| table title availability failures
| transpose header_field=title column_name=status
| stats values(*) as * by status
Recommend:
sourcetype="web_ping" `website_monitoring_search_index` title=
| fillnull value=1000 response_code
| eval success=case(response_code>=400, 0, timed_out == "True", 0, response_code="", 0)
| fillnull value=1 success
| stats count as total, sum(success) as successes by title
| eval availability=round(100(successes/total),2)
| eval failures=(100-'availability')
| table title availability failures
| transpose header_field=title column_name=status
| stats values(*) as * by status
Change color as you like.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's working perfectly!! Thanks a lot for your help.
Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!
Transform your security operations with Splunk Enterprise Security
Splunk Admins and App Developers | Earn a $35 gift card!
