Solved: Re: How to view percentages in column chart instea...

HeinzWaescher · ‎07-30-2014

Hi,

I'm using a column visualization and the stack mode "100%". It would be nice to have the percentages in the chart instead of total values. Is this possible without calculating the percentages in the search?

BR

Heinz

martin_mueller · ‎08-01-2014

Calculating that in search isn't hard though:

index=_internal | timechart count by sourcetype | addtotals fieldname=_Total | foreach * [eval <<FIELD>> = '<<FIELD>>' * 100 / _Total] | fields - _Total

You can move the addtotals | foreach | fields into a macro and reuse it.

View solution in original post

martin_mueller · ‎08-01-2014

Calculating that in search isn't hard though:

index=_internal | timechart count by sourcetype | addtotals fieldname=_Total | foreach * [eval <<FIELD>> = '<<FIELD>>' * 100 / _Total] | fields - _Total

You can move the addtotals | foreach | fields into a macro and reuse it.

HeinzWaescher · ‎08-04-2014

Awesome, didn't know it can be done so easy. Thanks!

martin_mueller · ‎08-01-2014

I don't think so.

How to view percentages in column chart instead of total values without calculating percentages in search?

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Join the Conversation

How to view percentages in column chart instead of total values without calculating percentages in search?

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events