Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Multiple queries on pivot report

jugarugabi
Path Finder
‎01-27-2021 02:53 AM

Hello, 

I have the following search string: 

 

index = app_events_dbdetect_actimize_event_us_uat sourcetype = txndata | rangemap field=Time_taken_AIS_tomcat 0s-to-0.05s=0-50 0.05s-to-0.10s=51-100 0.10s-to-0.15s=101-150 0.15s-to-0.20s=151-200 0.20s-to-0.30s=201-300 0.30s-to-0.50s=301-500 0.50s-to-1s=501-1000 1s-to-2s=1001-2000 2s-to-3s=2001-3000 3s-to-5s=3001-5000 5s-to-30s=5001-30000 >30s=30001-99999

 

 Which is passed to a pivot table as a dataset. 

The output is like this:

pivot.JPG

Now, there are some things that I want to know: 

a) how can I sort the Column Values to be fraasdetppu1, fraasdetppu2, fraasdetppu10, fraasdetppu20...? It currently displays the information as fraasdetppu1, fraasdetppu10, fraasdetppu2, fraasdetppu21...

b) If the output has 0 values for 0s to 0.05s (for example), can I have it displayed here? I cannot seem to find where to get them displayed even if the "scored" items are 0 for the other ranges.

c) The grey line that has the totals shown for each server: can I add custom text under "scored" column?

d) Can a "Total" column be added right before the server names? It needs to sum up the count values of each server, for that specific "scoring" speed. 

Thank you!

Labels (1)
Labels
0 Karma
Reply

jugarugabi
Path Finder
‎01-27-2021 11:02 AM

Tried with the search query: 

index = app_events_dbdetect_actimize_event_us_uat sourcetype = txndata | rangemap field=Time_taken_AIS_tomcat 0s-to-0.05s=0-50 0.05s-to-0.10s=51-100 0.10s-to-0.15s=101-150 0.15s-to-0.20s=151-200 0.20s-to-0.30s=201-300 0.30s-to-0.50s=301-500 0.50s-to-1s=501-1000 1s-to-2s=1001-2000 2s-to-3s=2001-3000 3s-to-5s=3001-5000 5s-to-30s=5001-30000 >30s=30001-99999 | fillnull range value=NULL

but this didn't helped either. 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...