Dashboards & Visualizations

How to add static data in graph with dynamic result

wcastillocruz
Path Finder

Hello dear community,

I absolutely need your help.
I have the following research which allows me to perform an availability calculation.

index=index (severity=2 OR severity=0 OR severity="-1")
| eval ID=Env+"_"+Apps+"_"+Function+"_"+varname
| addinfo
| eval periode=info_max_time-info_min_time
| transaction ID startswith=(severity=2) maxevents=2
| eval start_time=mvindex(timestamp,0), end_time=mvindex(timestamp,1)
| stats sum(duration) AS duration_indispo by Function, periode
| eval Percent_Available = round((periode-duration_indispo)*100/periode,3)
|rename Function AS "Applications"
| fillnull value=100.00
|table Applications, Percent_Available

 

my research calculates the unavailability of each function (applications) the problem is that I have a button to select the period (previous year, previous month, previous week ... etc) I have exactly 5 functions for which I want to calculate availability but depending on the period chosen it is possible that one or more applications do not return any result and if I display the result on a graph then the applications without result are not taken into account in my graph. how I can do to statically enter the name of my 5 functions and display the results dynamically if the result is not null or display 100% if the result is null.
fillnull value = 100.00 does not work in this case

 

wcastillocruz_0-1612797690460.png

 

Labels (3)
Tags (2)
0 Karma
1 Solution

renjith_nair
SplunkTrust
SplunkTrust

You may use a lookup to define the desired functions and append to the existing result.

However, if the number of functions is less (5), then try this and replace the Application 1.. Application 5 with your application list.

ie. eval Applications=" Add your application list "

index=index_sqlprod-itrs_toc (severity=2 OR severity=0 OR severity="-1")
| eval ID=Env+"_"+Apps+"_"+Function+"_"+varname
| addinfo
| eval periode=info_max_time-info_min_time
| transaction ID startswith=(severity=2) maxevents=2
| eval start_time=mvindex(timestamp,0), end_time=mvindex(timestamp,1)
| stats sum(duration) AS duration_indispo by Function, periode
| eval Percent_Available = round((periode-duration_indispo)*100/periode,3)
|rename Function AS "Applications"
|append [|stats count|eval Percent_Available=100|eval Applications="Application 1,Application 2,Application 3,Application 4,Application 5"|makemv Applications delim=","|mvexpand Applications]
|stats min(Percent_Available) as Percent_Available by Applications
|table Applications, Percent_Available

 

View solution in original post

renjith_nair
SplunkTrust
SplunkTrust

You may use a lookup to define the desired functions and append to the existing result.

However, if the number of functions is less (5), then try this and replace the Application 1.. Application 5 with your application list.

ie. eval Applications=" Add your application list "

index=index_sqlprod-itrs_toc (severity=2 OR severity=0 OR severity="-1")
| eval ID=Env+"_"+Apps+"_"+Function+"_"+varname
| addinfo
| eval periode=info_max_time-info_min_time
| transaction ID startswith=(severity=2) maxevents=2
| eval start_time=mvindex(timestamp,0), end_time=mvindex(timestamp,1)
| stats sum(duration) AS duration_indispo by Function, periode
| eval Percent_Available = round((periode-duration_indispo)*100/periode,3)
|rename Function AS "Applications"
|append [|stats count|eval Percent_Available=100|eval Applications="Application 1,Application 2,Application 3,Application 4,Application 5"|makemv Applications delim=","|mvexpand Applications]
|stats min(Percent_Available) as Percent_Available by Applications
|table Applications, Percent_Available

 

View solution in original post

wcastillocruz
Path Finder

@renjith_nair

What lookup could I have used if I had a high number of applications? so as not to have to create them manually. could you give me an example pleas?

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

Create a look up with Header  "Applications" and  add all your applications under that

Refer that in the search 

your search
| eval Percent_Available = round((periode-duration_indispo)*100/periode,3)
|rename Function AS "Applications"
|inputlookup append=true applications.csv
|fillnull Percent_Available value=100
|stats min(Percent_Available) as Percent_Available  by Applications

 

wcastillocruz
Path Finder

hi @renjith_nair
I added the following lines and it works:

|append [| makeresults 1 | eval liste="ICS SPEAKER BUS" |table liste ]
|append [| makeresults 1 | eval liste="ENREGISTREMENT TELEPHONIE" |table liste ]
|append [| makeresults 1 | eval liste="OTMS ALCATEL" |table liste]
|append [| makeresults 1 | eval liste="OXE WORLDWIDE" |table liste]

thank you

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!