Solved: Is it possible to fill automatically a chart radar...

jip31 · ‎02-15-2022

hi

I would like to know if it is possible to display automatically a chart radar from a lookup?

radar.csv is the result of a scheduled search

there is 3 fields in this csv : "sig_app" which correspond to the radar "key" field, sig_cat which correspond to the radar "axis" field and count which correspond to the radar "value" field

is it possible to do this or not?

thanks

| inputlookup radar.csv 
| eval sig_app=key
| eval sig_cat=axis
| eval count=value 
| eval key="Actions", AAA=.37, BBB=8.64, CCC=2.56, DDD=1.68, EEE=4.992
| untable key,"axis","value" 
| eval keyColor="magenta"

somesoni2 · ‎02-15-2022

Try like this

| inputlookup radar.csv 
| rename sig_app as key, sig_cat as axis, count as value 
| eval keyColor="magenta"

View solution in original post

somesoni2 · ‎02-15-2022

Try like this

| inputlookup radar.csv 
| rename sig_app as key, sig_cat as axis, count as value 
| eval keyColor="magenta"

Is it possible to fill automatically a chart radar from a lookup?

configuration

using Splunk Enterprise

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?