Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to breakdown errors in charts group by error codes in error tables or list?

Khanu89
Path Finder
‎04-15-2022 09:26 AM

Hello - I am a new Splunk user and learning as I go. My current task is to breakdown Errors/Exceptions in chart group by error codes in error tables or list.

current query: My current query  only returns null values.

index= (index name) host=(hostname)

| timechart count by error

Labels (4)
Labels
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Gr0und_Z3r0
Contributor
‎04-21-2022 05:29 PM

Hi @Khanu89 

For your pie-chart, in the xml code add the following option configuration.

<option name="charting.chart.showPercent">1</option>


You should be able to see the percentage details against each category in the chart.
Something like below.

Gr0und_Z3r0_0-1650587337249.png

If it helps, Karma vote is appreciated

 

View solution in original post

Reply
Solved! Jump to solution
Solution

Gr0und_Z3r0
Contributor
‎04-21-2022 05:29 PM

Hi @Khanu89 

For your pie-chart, in the xml code add the following option configuration.

<option name="charting.chart.showPercent">1</option>


You should be able to see the percentage details against each category in the chart.
Something like below.

Gr0und_Z3r0_0-1650587337249.png

If it helps, Karma vote is appreciated

 

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-15-2022 09:51 AM

It sounds like error is not a field that has been extracted from your events.

Can you share some sample events, assuming you need help extracting the error field?

0 Karma
Reply
Solved! Jump to solution

Khanu89
Path Finder
‎04-15-2022 10:03 AM

Here is a example from my dashboard.

Khanu89_0-1650042084627.png

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-15-2022 11:07 AM

What fields do you already have extracted?

You don't appear to have a field called error (note that field names are case sensitive).

Assuming that the fields that appear to be in your event, you could try

| stats count by ErrorCode
0 Karma
Reply
Solved! Jump to solution

Khanu89
Path Finder
‎04-21-2022 03:03 PM

@ITWhisperer I am running the following which breaks down different categories but how can I break down the Error type to percentage of errors such as 20% 404, 15% 503 etc..

index=epic_ehr
|stats count by Type

Screen Shot 2022-04-21 at 5.02.30 PM.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...