Re: How to make Pie chart display even if the retu...

priyansplunk · ‎03-25-2015

i want to display full green piechart when my total count is 0. And full yellow when my total count > 0 and <5
and Full red when totalcount >5.

I am getting the respective colour for Yellow and Red...but Green is not coming as the value is 0 and percentage covered is 0%??...

Any suggestion to make that display even if the value is zero?

bandit · ‎03-25-2015

Try setting this value to 0 which is no collapsing in the xml for the chart.

<option name="charting.chart.sliceCollapsingThreshold">0</option>

http://docs.splunk.com/Documentation/Splunk/6.2.2/Viz/ChartConfigurationReference#Pie_charts

priyansplunk · ‎03-25-2015

Tried that ....its not coming 😞

bandit · ‎03-25-2015

recommend pasting your search/relevant xml

priyansplunk · ‎03-25-2015

My Query-sourcetype="source1" "queue.1" OR "queue.2" OR "queue.2" | spath output=queueName path=qInfo.qName|spath output=pendingMsgCount path=qInfo.pendingMsgCount|dedup queueName|stats sum(pendingMsgCount) AS PendingMsgCount by _time queueName|
stats sum(PendingMsgCount) as Totalcount | eval Status=case(Totalcount=0, "Fine", Totalcount>=1 AND Totalcount<=10, "Warning", Totalcount>10, "Critical") |chart values(Totalcount) AS TotalCount by Status

Output
Status=Fine,TotalCount=0...I want the Full pie chart to be Green colour for this status or Total Count

If Status=Warning,TotalCount>0 and <5-Full Pie chart yellow..like wise...

Piechart should display the TotalCount too with respective colour.

Thanks in advance!

bandit · ‎03-25-2015

Note: There may be multiple ways to do this.
Here are some similar searches I have working using the range command to group into ranges.

some search | rangemap field=WaitTime 30=0-30 60=31-60 90=61-90 120=91-120 180=121-180 210=181-210 240=211-240 270=241-270 300=271-300 600=301-600 >600=601-10000 | stats count by range


sourcetype=jira_access | rex \s\d{3}\s\d(\d+)?\s(?\d(\d+)?)\s | eval jira_response_time=round((jira_response_time/1000),1) | search jira_response_time=* | rangemap field=jira_response_time "Meets SLA"=0-5 "Exceeds SLA"=5-1000000 | stats count by range

For the second example, I have the following xml to color red, green. You could probably add your own colors.

    <option name="charting.fieldColors">{"Meets SLA":0x008000,"Exceeds SLA":0xFF0000}</option>

priyansplunk · ‎03-25-2015

Rob...With only count i am getting coloured pie chart...

But i want for Status with respective msgcount in full colored pie chart..

bandit · ‎03-25-2015

seems you would want something like

| stats count by Status

and then use the charting option for the color coding

<option name="charting.fieldColors">{"Fine":0x008000,"Warning":0xFFFF00},"Critical":0xAC0030}</option>

I might be overlooking something.

priyansplunk · ‎03-26-2015

Thanks Rob.It seems difficult to get the Full green Pie chart without using count.

bandit · ‎03-26-2015

Possibly someone else may have another idea. You could also try using a gauge.

How to make Pie chart display even if the returned value is zero?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?