Splunk Search

How to combine results to display in a pie chart?

Yy4pb
Explorer

Hello Community,

I am having issues combining results to display in a pie chart - I tried a few things such as mvappend and it's not working correctly.

I have pulled a list of Domains and want to display them in a pie chart. To get the list of domains and display them in a chart I am using the following:

 

 

rex field=netbiosName "^(?<Domain>[^\\\\]+)" | stats count by Domain

 

 

This works as intended, but I have a couple of results that come up as both 'domain1' and 'domain1.com' and are displayed in the pie chart. I would like to combine these results, so that the count for both 'domain1' and 'domain1.com' is added together under just 'domain1'

Thanks

Labels (2)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
| rex field=netbiosName "^(?<Domain>[^\\\\]+)" 
| eval Domain=if(Domain="domain1.com","domain1",Domain)
| stats count by Domain

View solution in original post

ITWhisperer
SplunkTrust
SplunkTrust

Are you looking to keep just the first part of all domains, or drop the last part of all domains, or remove just .com if it exists from all domains, or change a specific set of domain.com to domain?

Yy4pb
Explorer

I need to combine the results - so like

14 domain1
10 domain1.com

I need:

24 domain1

 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
| rex field=netbiosName "^(?<Domain>[^\\\\]+)" 
| eval Domain=if(Domain="domain1.com","domain1",Domain)
| stats count by Domain

Yy4pb
Explorer

Works exactly as I wanted - thank you!

0 Karma
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...