Solved: Piechart split for selected hostname?

super_edition · ‎07-06-2023

Hello Everyone,

I am trying to create piechart for cache operation split(in percentage) for hit/miss/pass using the below query for the selected hostname:

index="my_index" openshift_container_name="container" 
| eval description=case(handling == "hit","HIT", handling == "miss","MISS", handling == "pass","PASS")
| search hostname="int-ie-yyp.grp"
| addtotals
| eval cache_hit=round(100*HIT/Total,1)
| eval cache_miss=round(100*MISS/Total,1)
| eval cache_pass=round(100*PASS/Total,1)

When I try with:

| stats values(cache_hit) as cacheHit values(cache_miss) as cacheMiss values(cache_pass) as cachePass by description

no data is generated.

However when I try for count it works:

| stats count by description

Can someone please help.

ITWhisperer · ‎07-06-2023

| stats count by description
| eventstats sum(count) as Total
| eval percent=100*count/Total
| fields description percent

View solution in original post

super_edition · ‎07-06-2023

Its working as expected. Thank you @ITWhisperer

ITWhisperer · ‎07-06-2023

| stats count by description
| eventstats sum(count) as Total
| eval percent=100*count/Total
| fields description percent

Piechart split for selected hostname?

chart

stats

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation