Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to draw a piechart which show the different msg got from splunk query

neha_h
Explorer
‎04-28-2020 12:22 AM

Hi,
I am getting below events from my splunk search but how to show them in pie chart.

Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error Invalid request".\"}]","podName":"test-service","category":"ERROR"}

Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error downsteam error".\"}]","podName":"test-service","category":"ERROR"}

basically I want to show the String which is there inside Error is array (basically the message part) in the pie chart for today's date

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎04-28-2020 01:40 AM 
| makeresults 
| eval _raw="raw
Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error Invalid request\".\"}]\",\"podName\":\"test-service\",\"category\":\"ERROR\"}
Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error downsteam error\".\"}]\",\"podName\":\"test-service\",\"category\":\"ERROR\"}"
| multikv forceheader=1
| rex "\[(?<codes>.*)\]"
| spath input=codes
| stats count by message

Viz >> Pie Chart

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎04-28-2020 01:40 AM 
| makeresults 
| eval _raw="raw
Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error Invalid request\".\"}]\",\"podName\":\"test-service\",\"category\":\"ERROR\"}
Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error downsteam error\".\"}]\",\"podName\":\"test-service\",\"category\":\"ERROR\"}"
| multikv forceheader=1
| rex "\[(?<codes>.*)\]"
| spath input=codes
| stats count by message

Viz >> Pie Chart

0 Karma
Reply
Solved! Jump to solution

neha_h
Explorer
‎04-28-2020 03:04 AM

Thank you @to4kawa ,
Can we group 1 type of error and it's count in 1 slice and other type and it's count in 2nd slice in pie chart?

0 Karma
Reply
Solved! Jump to solution

to4kawa
Ultra Champion
‎04-28-2020 03:10 AM

yes, you can.

0 Karma
Reply
Solved! Jump to solution

neha_h
Explorer
‎04-28-2020 03:48 AM

how can i do that?

0 Karma
Reply
Solved! Jump to solution

neha_h
Explorer
‎04-28-2020 03:55 AM

Thanks, I could do that with | stats count by codes, Thank you so much @to4kawa

0 Karma
Reply
Solved! Jump to solution

to4kawa
Ultra Champion
‎04-28-2020 03:55 AM

use eval to collect other types

0 Karma
Reply
Get Updates on the Splunk Community!

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...