How to create a pie chart after applying math on c...

sjs · ‎01-11-2023

Hey people, my requirement is as such

I have extracted these columns from my data using the query

my query | rex "filterExecutionTime=(?<FET>[^,]+)" | rex "ddbWriteExecutionTime=(?<ddbET>[^)]+)" | rex "EXECUTION_TIME : (?<totalTime>[^ ms]+)" | eval buildAndTearDowTime=(tonumber(FET)) + (tonumber(ddbET)) |table totalTime FET ddbET buildAndTearDownTime

I want to have buildAndTearDown as totalTime - (FET+ ddbET)

once I have all the three values required (FET, ddbET, buildAndTearDown) I want to put these values in a pie chart.

Thanks 😊

scelikok · ‎01-17-2023

Hi @sjs ,

You have a typo in your eval , you are missing n in buildAndTearDown, please try below;

my query 
| rex "filterExecutionTime=(?<FET>[^,]+)" 
| rex "ddbWriteExecutionTime=(?<ddbET>[^)]+)" 
| rex "EXECUTION_TIME : (?<totalTime>[^ ms]+)" 
| eval buildAndTearDownTime=(tonumber(FET)) + (tonumber(ddbET)) 
| table totalTime FET ddbET buildAndTearDownTime

If this reply helps you an upvote and "Accept as Solution" is appreciated.

sjs · ‎01-12-2023

Hey people, Can I get some help

sjs · ‎01-11-2023

This statement

eval buildAndTearDowTime=(tonumber(FET)) + (tonumber(ddbET))

is giving me null value

How to create a pie chart after applying math on column values extracted?

chart

stats

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?