Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to view percentages in column chart instead of total values without calculating percentages in search?

HeinzWaescher
Motivator
‎07-30-2014 07:51 AM

Hi,

I'm using a column visualization and the stack mode "100%". It would be nice to have the percentages in the chart instead of total values. Is this possible without calculating the percentages in the search?

BR

Heinz

Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎08-01-2014 02:51 PM

Calculating that in search isn't hard though:

index=_internal | timechart count by sourcetype | addtotals fieldname=_Total | foreach * [eval <<FIELD>> = '<<FIELD>>' * 100 / _Total] | fields - _Total

You can move the addtotals | foreach | fields into a macro and reuse it.

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎08-01-2014 02:51 PM

Calculating that in search isn't hard though:

index=_internal | timechart count by sourcetype | addtotals fieldname=_Total | foreach * [eval <<FIELD>> = '<<FIELD>>' * 100 / _Total] | fields - _Total

You can move the addtotals | foreach | fields into a macro and reuse it.

View solution in original post

Reply
Solved! Jump to solution

HeinzWaescher
Motivator
‎08-04-2014 01:37 AM

Awesome, didn't know it can be done so easy. Thanks!

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎08-01-2014 02:40 PM

I don't think so.

Reply
The Latest From the Splunk Community!