Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Pie chart displaying "other(n)" and "OTHER" fields.

robettinger
Explorer
‎08-28-2017 05:02 AM

Hi,

I am creating a pie chart which shows the top logon count but unfortunatelly the system is showing two different types of "Others", one if "OTHER" and "other (n)".

This is my query:

... base search | top 10 User useother=true.

alt text

Does anyone know why this happening? It doesn't happen all the time, though. Sometimes only the "OTHER" value is present.

Thank you.

Preview file
9 KB
Reply
1 Solution
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎08-28-2017 05:32 AM

It is because the pie slices are two small that they put them together into other (2)
If you go into Format, you can change the slice size for when there are more than 10 slices (in your case there would be 11, with the useother argument for top 10). I tested changing some of my own data to .5 and that seemed to work.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎08-28-2017 05:32 AM

It is because the pie slices are two small that they put them together into other (2)
If you go into Format, you can change the slice size for when there are more than 10 slices (in your case there would be 11, with the useother argument for top 10). I tested changing some of my own data to .5 and that seemed to work.

0 Karma
Reply
Solved! Jump to solution

robettinger
Explorer
‎08-28-2017 05:37 AM

Bingo! Thank you!

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎08-28-2017 06:21 AM

@cmerriman, the Minimum Size can be set to zero (0) as well to always show all slices.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

ab81428
Path Finder
‎08-28-2017 05:27 AM

Hi Robettinger,

If use just - "top 10 User" one other record will go. "useother=true is creating new record.

I hope this will help you.

Reply
Solved! Jump to solution

robettinger
Explorer
‎08-28-2017 05:32 AM

Hi,

if I remove the "useother" both "Other" disappear and this would not reflect my use case. 😞 I would like to have only one other which accounts to the total number of remainning logons from other users.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...