How to create 2 pie charts on license usage by ind...

athorat · ‎10-02-2015

Hi

We are using a search which we got from Answers to calculate license usage:

index=_internal source=*license_usage.log* type=Usage | timechart span=1d sum(b) as bytes | eval GB = round(bytes/1024/1024/1024,5) | fields _time GB

There is field called idx which gives the list of indexes in Splunk.

How do I create a pie chart for indexes which start with "np_" which are the non prod indexes eg : np_Webserver and another pie chart for all the prod indexes?

maciep · ‎10-02-2015

So you just want to create two pie charts - one for prod indexes and one for non-prod? And the slices would be actual indexes based on how much was indexed?

If so maybe something like these:

Non-prod

index=_internal source=*license_usage.log* type=Usage idx=np_* | stats sum(b) as bytes by idx | eval GB = round(bytes/1024/1024/1024,5) | fields idx GB

Prod

index=_internal source=*license_usage.log* type=Usage idx!=np_* | stats sum(b) as bytes by idx | eval GB = round(bytes/1024/1024/1024,5) | fields idx GB

How to create 2 pie charts on license usage by index, one chart for production indexes and another for non-production indexes?

license

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Are you a member of the Splunk Community?

How to create 2 pie charts on license usage by index, one chart for production indexes and another for non-production indexes?

license

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management