Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Pareto charting of sensor data

twistedsixty4
Path Finder
‎02-05-2014 10:46 AM

hey everyone,
I'm working with a lot of sensor data and i have been trying to develop a pareto chart to look at the problem children if you will, so our maintenence team can know what devices to focus on. for those of you unfamiliar with Pareto's Principle, it basically states that 80% of your problems stem from 20% of your causes.
http://en.wikipedia.org/wiki/Pareto_principle#In_software

what I want is a scatter plot where the points are the device name, the y-axis is the percentage of total alarms, and the x-axis is the percentage of total devices. but I'm not entirely sure how to get there, here is what I have. thanks for the help.

class=incident subclass=problem incident_problem_type=alarm | eventstats count by unique_unit_name | stats count(unique_unit_name) as count_of_units | eval sum(count) as total
0 Karma
Reply

technoe
Explorer
‎02-05-2014 12:22 PM

I would consider using timechart to create a pie chart of the number of incidents. Also, I've never used NOT to ignore a value, but instead I would use:

incident_problem_type=alarm incident_problem_type!=camera
0 Karma
Reply

twistedsixty4
Path Finder
‎02-05-2014 02:13 PM

you can ignore the not camera statement, i use it only so i can see the data i'm evaluating, its not a problem type, but exists inside the alarm problem set.

also this doesn't answer my question, i can do a pie chart of incidents very easily, but its not what i want in the sense of development.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...