Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Intersect, Diff and Pie Chart

belka
Path Finder
‎01-09-2014 01:31 PM

I have a very large number of win7 machines. I pulled a CSV file from Active Directory, AD1.csv. I then created another CSV file from the deployment clients DC1.csv. What I want to do is compare the total number of clients with the number reporting in with deployment clients. I want a Pie Chart that is the total number of Win7 machines split between a slice that is the machines with deployment clients and a slice that are the machines without a deployment client.

I was experimenting with | set diff [inputlookup AD1.csv | fields hostname][inputlookup DC1.csv | fields hostname] Where I am stumped is how to make that into a pie chart. Any ideas? Thanks!

Tags (3)
0 Karma
Reply

somesoni2
Revered Legend
‎01-09-2014 01:41 PM

Try this 

|inputlookup AD1.csv | fields hostname | join type=left hostname [|inputlookup DC1.csv | fields hostname | eval hasDC="Y"] | eval hasDC=coalesce(hasDC,"N") | chart count(eval(hasDC="Y")) as HasDC, count(eval(hasDC="N")) as NoDC
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...