Splunk Search

pie chart problems

a212830
Champion

Hi,

I'm trying to create a pie chart and running into unexpected problems. I have a search that gives me the proper information, but when i try to put it in a pie chart, it's empty. The search is:
source="hpna_source.csv" Rule="bootp" |stats count by Rule, Rule_Compliance

I want to show pie chart with the totals of each Rule_Compliance values (yes and no). The results gives me the information, but I can't get it to appear in a pie chart.

Tags (3)
0 Karma

emiller42
Motivator

The problem is that the data you're outputting isn't something that can be represented as a pie chart. A pie chart expects pairs of label:value, while you're giving it triads. (label_a, label_b, value)

To make this work, you could just create a new field that's a concatenation of the 'Rule' and 'Rule_Compliance' fields, and then chart with that.

Something like:

source="hpna_source.csv" Rule="bootp" | eval new_field=Rule + " - " + Rule_Compliance | stats count by new_field

Of course, since you're already narrowing results down to one Rule in the initial search, the above isn't really necessary, and you can just do the following:

source="hpna_source.csv" Rule="bootp" | stats count by Rule_Compliance
0 Karma

ravikanthbadugu
New Member

I have tried the Eval method and that worked for me.
Thank you.

0 Karma

Simeon
Splunk Employee
Splunk Employee

If you have only one rule, and two values for compliance, you probably need to do a stats count by Rule_Compliance.

0 Karma
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...