Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to breakdown errors in charts group by error codes in error tables or list?

Khanu89
Path Finder
‎04-15-2022 09:26 AM

Hello - I am a new Splunk user and learning as I go. My current task is to breakdown Errors/Exceptions in chart group by error codes in error tables or list.

current query: My current query  only returns null values.

index= (index name) host=(hostname)

| timechart count by error

Labels (4)
Labels
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Gr0und_Z3r0
Contributor
‎04-21-2022 05:29 PM

Hi @Khanu89 

For your pie-chart, in the xml code add the following option configuration.

<option name="charting.chart.showPercent">1</option>


You should be able to see the percentage details against each category in the chart.
Something like below.

Gr0und_Z3r0_0-1650587337249.png

If it helps, Karma vote is appreciated

 

View solution in original post

Reply
Solved! Jump to solution
Solution

Gr0und_Z3r0
Contributor
‎04-21-2022 05:29 PM

Hi @Khanu89 

For your pie-chart, in the xml code add the following option configuration.

<option name="charting.chart.showPercent">1</option>


You should be able to see the percentage details against each category in the chart.
Something like below.

Gr0und_Z3r0_0-1650587337249.png

If it helps, Karma vote is appreciated

 

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-15-2022 09:51 AM

It sounds like error is not a field that has been extracted from your events.

Can you share some sample events, assuming you need help extracting the error field?

0 Karma
Reply
Solved! Jump to solution

Khanu89
Path Finder
‎04-15-2022 10:03 AM

Here is a example from my dashboard.

Khanu89_0-1650042084627.png

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-15-2022 11:07 AM

What fields do you already have extracted?

You don't appear to have a field called error (note that field names are case sensitive).

Assuming that the fields that appear to be in your event, you could try

| stats count by ErrorCode
0 Karma
Reply
Solved! Jump to solution

Khanu89
Path Finder
‎04-21-2022 03:03 PM

@ITWhisperer I am running the following which breaks down different categories but how can I break down the Error type to percentage of errors such as 20% 404, 15% 503 etc..

index=epic_ehr
|stats count by Type

Screen Shot 2022-04-21 at 5.02.30 PM.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...