Show percentage on pie chart out of 100%

trever · ‎05-05-2020

I have event logs with a % in them and I want to break them apart and show them on their own:

My event log looks like this:

Tue May  5 12:55:01 PDT 2020
/dev/sde2        9460988  7233068   1751044  81% /Volumes/Media 2
/dev/sdc1       13245631 12470714    107304 100% /Volumes/Media

Id like to turn it into this:

But with it showing the %'s as a total out of 100% (so 100% used and 81% used)

to4kawa · ‎05-05-2020

| makeresults 
| eval _raw="Tue May  5 12:55:01 PDT 2020
 /dev/sde2        9460988  7233068   1751044  81% /Volumes/Media 2
 /dev/sdc1       13245631 12470714    107304 100% /Volumes/Media"
| multikv noheader=t
| tail 2
| fields _raw
| rex "(?<device>\S+)\s+(?<total>\S+)\s+(?<usage>\S+)\s+(?<rest>\S+)\s+(?<perc>\S+)\s+(?<media>.*)"
| table device total usage rest perc media
| rename COMMENT as "this is sample"
| table device usage rest
| untable device disk_usage value
| stats values(value) as value by device disk_usage

sorry, I can't display 100%

tauliang · ‎05-05-2020

Like this one?

https://answers.splunk.com/answers/72028/disk-space-pie-charts-from-df-script-in-unix-app.html

Show percentage on pie chart out of 100%

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!