Solved: Stack Dashboard with 3 values

shahbaz · ‎01-27-2022

Hi,

I have a json event like below, for each "Build Version" which runs on weekly/daily basis it will try to install different apps ("appName" in json) reports the app's "Application install status" as "success" or "failure, similarly for "Application launch status" and "apkAnalysed" status as "Analysed" or "Not Analysed"

Now I want a dashboard that looks like below, for each "Build Version" how many have success ,failure status and "apkAnalysed" status as "Analysed" in 3 stacks.

is this possible in splunk, i have tried plotting using chart option but it doesn't help

{
    "Device Details": {
        "Device": "" ,
        "Build Version": "build_01",
        "Application install status": "success",
        "Application launch status": "Success"
    },
    "apkAnalysed": "Analysed",
    "id": "googleplay",
    "appName": "whatsapp", 
    "appStore": "googleplay",
    "timeStamp": 0,
    "md5sum": "",
    "packageName": "",
    "date": "2021-12-09",
    "downloadPath": "https: xxxx",
    "apkAnalytics": ""
}

TIA

ITWhisperer · ‎01-27-2022

Do you mean something like this?

| makeresults count=10000
| eval _raw="{
    \"Device Details\": {
        \"Device\": \"\" ,
        \"Build Version\": \"build_".printf("%02d",random()%10)."\",
        \"Application install status\": \"".mvindex(split("success|failure","|"),random()%2)."\",
        \"Application launch status\": \"".mvindex(split("success|failure","|"),random()%2)."\"
    },
    \"apkAnalysed\": \"".mvindex(split("Not |","|"),random()%2)."Analysed\",
    \"id\": \"googleplay\",
    \"appName\": \"whatsapp\", 
    \"appStore\": \"googleplay\",
    \"timeStamp\": 0,
    \"md5sum\": \"\",
    \"packageName\": \"\",
    \"date\": \"2021-12-09\",
    \"downloadPath\": \"https: xxxx\",
    \"apkAnalytics\": \"\"
}"
| spath "Device Details.Build Version" output=BuildVersion
| spath "Device Details.Application install status" output=InstallStatus
| spath "Device Details.Application launch status" output=LaunchStatus
| spath "apkAnalysed"
| stats count(eval(apkAnalysed="Analysed")) as Analysed count(eval(InstallStatus=="success")) as InstallSuccess count(eval(LaunchStatus=="success")) as LaunchSuccess by BuildVersion

View solution in original post

ITWhisperer · ‎01-27-2022

Do you mean something like this?

| makeresults count=10000
| eval _raw="{
    \"Device Details\": {
        \"Device\": \"\" ,
        \"Build Version\": \"build_".printf("%02d",random()%10)."\",
        \"Application install status\": \"".mvindex(split("success|failure","|"),random()%2)."\",
        \"Application launch status\": \"".mvindex(split("success|failure","|"),random()%2)."\"
    },
    \"apkAnalysed\": \"".mvindex(split("Not |","|"),random()%2)."Analysed\",
    \"id\": \"googleplay\",
    \"appName\": \"whatsapp\", 
    \"appStore\": \"googleplay\",
    \"timeStamp\": 0,
    \"md5sum\": \"\",
    \"packageName\": \"\",
    \"date\": \"2021-12-09\",
    \"downloadPath\": \"https: xxxx\",
    \"apkAnalytics\": \"\"
}"
| spath "Device Details.Build Version" output=BuildVersion
| spath "Device Details.Application install status" output=InstallStatus
| spath "Device Details.Application launch status" output=LaunchStatus
| spath "apkAnalysed"
| stats count(eval(apkAnalysed="Analysed")) as Analysed count(eval(InstallStatus=="success")) as InstallSuccess count(eval(LaunchStatus=="success")) as LaunchSuccess by BuildVersion

Stack Dashboard with 3 values

chart

Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms