Hi @gcusello 

I tried below query but its not fetching the correct counts of each statuscode...If i want to capture other statuscode greater than 400 ,>500 how should i include it
 index="**" source="****"
| rex "\"statusCode\":(?<statusCode>[\d]*)"
| stats count by statusCode | eval statusCode =case(statusCode="200","success",statusCode="500","Internal Server Error",statusCode="400","Bad Request") | table statusCode,count

Hi @gcusello 
I am able to get different  status code in a pie chart ,if i also want to append an another query count to get the "totalrequest" ....its not adding to pie chart

How can i add below in pie chart...lets say

the total request count say 3

success 200-2(green color)

400 error-1(pink color)

500 error-1(red color)

index="1**" source="2***"
| rex "(?ms)statusCode: (?<status_code>\d+)" | stats count by statusCode
| appendcols [search index="1**" source="2**" "republish event"| stats count by event.body | stats count | rename count as totalrequest]

Hi @nithys,

don' add a new question (even if on the same topic) to a closed question, anyway what's the issue in your search?

anyway, you don't need to have two stats command in the secondary search:

index="1**" source="2***"
| rex "(?ms)statusCode: (?<status_code>\d+)" 
| stats count by statusCode
| appendcols [ search 
   index="1**" source="2**" "republish event"
   | stats dc(event.body) AS totalrequest ]

Ciao.

Giuseppe

index="1**" source="2***"
| rex "(?ms)statusCode: (?<status_code>\d+)" 
| stats count by statusCode
| appendcols [ search 
   index="1**" source="2**" "republish event"
   | stats dc(event.body) AS totalrequest ]

Hi @gcusello With the above query i get only statuscode count either 200 or 400....but the append search totalrequest  is not mapped to a color

Ok, I don't understand why you want to do this, anyway, please try this:

index="1**" source="2***"
| rex "(?ms)statusCode: (?<statusCode>\d+)" 
| stats count by statusCode
| append [ search 
   index="1**" source="2**" "republish event"
   | stats dc(event.body) AS totalrequest 
   | eval statusCode="totalrequest"
   | fields statusCode totalrequest ]

beware that statusCode muste be the same in rex and stats!

Ciao.

Giuseppe

Hi @gcusello 
With the provided query i am able to get a column chart  which shows total no of request,200 statuscode,400 statuscode,500 statuscode.But how can i show 200 as green ,400 as orange,500 as red...
Tried below option inside the source but unable to get the colors in column chart...
<option name="charting.chart">column</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.fieldColors">{"200":0xFF0000,201:0x33ff00,204:0x66ff00,303:0xffaa00,304:0xffff00,404:0xff0000}</option>
        <option name="charting.legend.placement">right</option>

Hi @nithys,

this is a different question even if on the same search and you can find many answers to this question in Community ans, as always I hint to open a new question in Community to have a faster and probably better answer.

Anyway, you can assign fixed colours to you values by GUI or on the dashboard code:

by GUI opening you dashboard in Edit mode and clicking on the pencil on the right top of the panel, then choosing colours.

by code customizing for your requirements this code:

<option name="charting.fieldColors">{"Total":"Total",0x333333,"400":0xd93f3c,"200Healthy":0x65a637}</option>

Ciao.

Giuseppe

Thanks @gcusello 
Below query matches the correct count of all the statuscode

" rex "(?ms)statusCode: (?<status_code>\d+)" | stats count by statusCode | table statusCode,count"