Hi and thx for the answer.

The new field is added in statistics, but if press the visualisation tab it still shows a 100% fill of string1

Yes, I should have noticed that before. A Pie chart requires a specific type of input data. You can scroll down the Pie chart section of the Visualization Requirements documentation to see this. Or take my word for it, your choice. Your current data as you are doing it gets you values in multiple fields, like

Field1  Field2   Result
54        99          .4593

(I made up the numbers, they're not mathematically correct)

What you need it to look like is something more like

Field1    99
Field2    43

And, you don't really need the "Results" as we made them - or if you do, not necessarily for the same reason of making a pie chart with mouse-over statistics.

So how do we convert it to the right "looking" data?

sourcetype = Tweets | eval TweetMatches=case(match(_raw,"string1"), "string1", match(_raw, "string2"), "string2",1==1, "Other") | chart count by TweetMatches

I might have typoed something in there in my conversion from my own internal working sample to an example with your names, but otherwise that should create something close to what you want. Notice I included an "Other" field, you can drop off the entire end of that 1==1, "Other" if you don't want that, but I thought I would include that.

Then just check your Pie chart visualization and see what you think!

Many Thanks I have the piechart working now!. Indeed I miss some knowledge regarding the visualisation possibilities with Splunk 🙂