How to edit my search to get the output to show on...

TJ0214 · ‎10-20-2015

I am trying to show the total amount of space we are using in a box right now for a dashboard. Here is my following serach, but I can't get the output to show on the needle. I was hoping it would work. Any ideas?

index=es_sec_box_ko sourcetype="box:users" | eval spaceUsed_GB=(space_used/1024/1024/1024) | where spaceUsed_GB >0 |stats latest(spaceUsed_GB) as spaceUsed_GB count by login |addcoltotals | sort -spaceUsed_GB

Thanks!

somesoni2 · ‎10-20-2015

Try something like this (little optimization done as well)

index=es_sec_box_ko sourcetype="box:users" space_used>0 |stats latest(space_used) as space_used by login  | eval spaceUsed_GB=(space_used/1024/1024/1024)| stats sum(spaceUsed_GB) as spaceUsed_GB

woodcock · ‎10-20-2015

Try this:

index=es_sec_box_ko sourcetype="box:users" | dedup login | eval spaceUsed_GB=(space_used/1024/1024/1024) | stats sum(spaceUsed_GB) as total_spaceUsed_GB

This will produce a single value that should display in your single-value visualization.

woodcock · ‎10-20-2015

What do you mean by "show on the needle"? If you mean some kind of single-value visualization, then you need to get rid of the by login part of your search because this causes stats to not produce a single value.

TJ0214 · ‎10-20-2015

Im sorry I meant the radial gauge for a dashboard option does that help?

TJ0214 · ‎10-20-2015

I took out by login and got no data.

How to edit my search to get the output to show on a radial gauge?

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!