Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a pie chart after applying math on column values extracted?

sjs
Path Finder
‎01-11-2023 01:25 AM

Hey people, my requirement is as such

sjs_0-1673428861777.png

I have extracted these columns from my data using the query 

 

my query | rex "filterExecutionTime=(?<FET>[^,]+)" | rex "ddbWriteExecutionTime=(?<ddbET>[^)]+)" | rex "EXECUTION_TIME : (?<totalTime>[^ ms]+)" | eval buildAndTearDowTime=(tonumber(FET)) + (tonumber(ddbET)) |table totalTime FET ddbET buildAndTearDownTime

 

 

I want to have buildAndTearDown as totalTime - (FET+ ddbET)

 

once I have all the three values required (FET, ddbET, buildAndTearDown) I want to put these values in a pie chart.

 

Thanks 😊 

Labels (2)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎01-17-2023 10:32 PM

Hi @sjs ,

You have a typo in your eval , you are missing in buildAndTearDown, please try below;

my query 
| rex "filterExecutionTime=(?<FET>[^,]+)" 
| rex "ddbWriteExecutionTime=(?<ddbET>[^)]+)" 
| rex "EXECUTION_TIME : (?<totalTime>[^ ms]+)" 
| eval buildAndTearDownTime=(tonumber(FET)) + (tonumber(ddbET)) 
| table totalTime FET ddbET buildAndTearDownTime

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply

sjs
Path Finder
‎01-12-2023 08:03 PM

Hey people, Can I get some help

0 Karma
Reply

sjs
Path Finder
‎01-11-2023 01:26 AM

This statement 

eval buildAndTearDowTime=(tonumber(FET)) + (tonumber(ddbET))

is giving me null value

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...