For my search result I have 2 columns i.e. operation name & counts. I want to do a pie chart that will contain operation name & percentage of occurence against total records
Try this
index=app-esp SourceSystemID="ESP-SMB" sourcetype="-FrontEnd" (ServiceName="SalesC" )
|stats count by ServiceOperationName
|eventstats sum(count) as total
|eval percentage=((count/total)*100)
|table ServiceOperationName,percentage
Try this
index=app-esp SourceSystemID="ESP-SMB" sourcetype="-FrontEnd" (ServiceName="SalesC" )
|stats count by ServiceOperationName
|eventstats sum(count) as total
|eval percentage=((count/total)*100)
|table ServiceOperationName,percentage
This worked perfectly fine. Thanks Renjith
Both answer did not work. I'm sure I'm doing something wrong. My 2nd day using splunk 😕
This is my search query
index=app-esp SourceSystemID="ESP-SMB" sourcetype="-FrontEnd" (ServiceName="SalesC" )
and my operation name is ServiceOperationName
Something similar to @renjith.nair's query but with label updated with percentage to reflect that without mouse-over.
your base query to return fields operation and count
| eventstats sum(count) as total
|eval percentage=round((count/total)*100,2)
| eval myOperation=operation." : ".percentage."%"
| table myOperation,percentage