Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk map size of Piechart/How to remove field from pie portion in splunk map

disha
Contributor
‎10-29-2014 08:04 AM

Hi..I have little tricky requirement. I need to display health score of device by Location as "Good" "Bad" and "Fair" on Splunk Map.
But the Size of Pie should be depends upon usercount. and portion of pies should be only Good Fair or Bad. I wrote the query but It is taking Usercount also as a portion of pie. I ned to remove that but Still I want size according to user count.
Intersting fact is : Good+Bad+Fair != Usercount as Usercount is population not the people who are using that app.

Search query is :
|inputlookup network_mapping_file.csv|fields latitude,longitude,UserCount|geostats latfield=latitude longfield=longitude max(UserCount) as UserCount |appendcols[search index=ms sourcetype=transaction | join inner hostname[|inputlookup network_mapping_file.csv|fields hostname,latitude,longitude,UserCount] | search transaction="StaticFile3MB" | eval secs=round(duration/1000) | rangemap field=secs Good=0-3 Fair=3-4 Bad=4-2000 | geostats latfield=latitude longfield=longitude count by range]alt text

Please suggest how I can determine the size of pie according to usercount without using it in portion of pie. As in image..Blue is User count . I need to remove that and just want to display Green red and yellow in pie.

Thanks,
Disha

Tags (3)
Preview file
1 KB
0 Karma
Reply

Venkat_16
Contributor
‎06-15-2015 03:11 AM

instead of using a rangemap try using eval and case condition, i would call it something like:

eval severity=case(secs<1 AND secs>3,"Good",secs<=3 AND secs>4,"Fair",secs<=4 AND secs>2000,"worse") | geostats latfield=latitude longfield=longitude count by severity

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...