Solved: Piechart split for selected hostname?

super_edition · ‎07-06-2023

Hello Everyone,

I am trying to create piechart for cache operation split(in percentage) for hit/miss/pass using the below query for the selected hostname:

index="my_index" openshift_container_name="container" 
| eval description=case(handling == "hit","HIT", handling == "miss","MISS", handling == "pass","PASS")
| search hostname="int-ie-yyp.grp"
| addtotals
| eval cache_hit=round(100*HIT/Total,1)
| eval cache_miss=round(100*MISS/Total,1)
| eval cache_pass=round(100*PASS/Total,1)

When I try with:

| stats values(cache_hit) as cacheHit values(cache_miss) as cacheMiss values(cache_pass) as cachePass by description

no data is generated.

However when I try for count it works:

| stats count by description

Can someone please help.

ITWhisperer · ‎07-06-2023

| stats count by description
| eventstats sum(count) as Total
| eval percent=100*count/Total
| fields description percent

View solution in original post

super_edition · ‎07-06-2023

Its working as expected. Thank you @ITWhisperer

ITWhisperer · ‎07-06-2023

| stats count by description
| eventstats sum(count) as Total
| eval percent=100*count/Total
| fields description percent

Piechart split for selected hostname?

chart

stats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation