Hi at all,
I tried to use this visualization to display a process tree and it runs, but I have an issue:
some leaves of the tree aren't displayed:
I have only around 1,900 rows, so I haven't the limit of 250,000 rows and neither the limit of 1,000 levels because I have max 5 levels.
What could it be the issue?
Thank you for your help.
Ciao.
Giuseppe
Hi @gcusello,
I started with the PCF Excel workbook published at https://www.apqc.org/resource-library/resource-listing/apqc-process-classification-framework-pcf-cro....
I exported the Combined sheet to a CSV file named pcf_combined.csv and uploaded the file to my Splunk instance as a new lookup file with the same name.
I started with the following search:
| inputlookup pcf_combined.csv
| eval id='Hierarchy ID'
| eval label='PCF ID'." - ".'Hierarchy ID'." ".Name
| rex field=id "(?<parentId>[^.]+\\..+)\\."
| table id label parentIdThe regular expression only extracts a parentId value for layer 3 and lower, i.e. x.y has a null parentId value, x.y.z has a parentId value of x.y, x.y.z.w has a parentId value of x.y.z, etc.
Hierarchy ID values are unordered. To allow Treeview Viz to sort nodes more naturally, I modified the label field:
| eval label='Hierarchy ID'." ".Name." [".'PCF ID'."]"The resulting visualization correctly displays all nodes:
I'm running Splunk Enterprise 9.3.0 and Treeview Viz 1.6.0.
One caveat: Top-level nodes without children are displayed as leaves, and the ordering could use some work. I don't know whether the viz supports an undocumented sort field similar to how tree visualizations in most UI toolkits support a sorting callback; I haven't looked at the source code.
