Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Metrics in chart

sizemorejm
Explorer
‎07-12-2023 05:58 AM

I am trying to use a radial gauge graph in order to show a % using avg(cpu_metric.Idle). However, I want the "reverse" value of the cpu_metric.Idle. So what I am attempting to do is

| mstats .................. hostname.......... | chart count(eval( 100 - avg(cpu_metric.Idle)) as name

 

Basically I am trying to show " 100 - avg(cpu_metric.Idle)" on a gauge and the only way for me to get the new value is doing "  | chart avg(cpu_metric.Idle) as name | eval new = 100 - name "  but I cant put the eval value onto a chart. 

Labels (1)
Labels
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎07-13-2023 03:57 AM

Now sure why you cannot put the eval value onto a chart, but chart may not be necessary.  There are multiple ways to do this.  If you want to use chart command after mstats, do this

| mstats avg(cpu_metric.Idle) as cpu_metric.Idle where .................. hostname..........
| chart values(eval( 100 - cpu_metric.Idle)) as name

 Alternatively, and perhaps slightly more efficiently, you can do simple eval

| mstats avg(cpu_metric.Idle) as name where .................. hostname..........
| eval name = 100 - name
0 Karma
Reply

sizemorejm
Explorer
‎07-13-2023 06:03 AM

For both set, I get an error saying "No results found. Try expanding the time range.

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎07-13-2023 03:35 PM

Then it's a question about your data source.  Are you sure metric cpu_metric.Idle exists?  Do you know which index (indices) is(are) metrics index/indices?  Forget that remainder.  What does this give you?

| mstats avg(cpu_metric.Idle) as name where index=my_metrics_index

If this also has no result, examine your data source deeper.

| mstats avg(cpu_metric.Idle) as name where index=my_metrics_index​
| foreach *
    [eval metrics = mvappend(metrics, "<<FIELD>>")]
| table metrics

Do you have any metrics index at all?  In fact, why did you show an invalid mstats command in the original description?  I'm just trying to follow your original logic.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...