Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Piechart split for selected hostname?

super_edition
Path Finder
‎07-06-2023 03:16 AM

Hello Everyone,

I am trying to create piechart for cache operation split(in percentage) for hit/miss/pass using the below query for the selected hostname:

 

index="my_index" openshift_container_name="container" 
| eval description=case(handling == "hit","HIT", handling == "miss","MISS", handling == "pass","PASS")
| search hostname="int-ie-yyp.grp"
| addtotals
| eval cache_hit=round(100*HIT/Total,1)
| eval cache_miss=round(100*MISS/Total,1)
| eval cache_pass=round(100*PASS/Total,1)

 


When I try with:

 

| stats values(cache_hit) as cacheHit values(cache_miss) as cacheMiss values(cache_pass) as cachePass by description

 

 no data is generated.

super_edition_0-1688638043231.png

However when I try for count it works:

 

| stats count by description

 

super_edition_1-1688638447379.png

Can someone please help.

 



Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-06-2023 03:27 AM 
| stats count by description
| eventstats sum(count) as Total
| eval percent=100*count/Total
| fields description percent

View solution in original post

0 Karma
Reply
Solved! Jump to solution

super_edition
Path Finder
‎07-06-2023 04:32 AM

Its working as expected. Thank you @ITWhisperer 

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-06-2023 03:27 AM 
| stats count by description
| eventstats sum(count) as Total
| eval percent=100*count/Total
| fields description percent
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...