pie chart problems

a212830 · ‎06-05-2012

Hi,

I'm trying to create a pie chart and running into unexpected problems. I have a search that gives me the proper information, but when i try to put it in a pie chart, it's empty. The search is:
source="hpna_source.csv" Rule="bootp" |stats count by Rule, Rule_Compliance

I want to show pie chart with the totals of each Rule_Compliance values (yes and no). The results gives me the information, but I can't get it to appear in a pie chart.

emiller42 · ‎06-05-2012

The problem is that the data you're outputting isn't something that can be represented as a pie chart. A pie chart expects pairs of label:value, while you're giving it triads. (label_a, label_b, value)

To make this work, you could just create a new field that's a concatenation of the 'Rule' and 'Rule_Compliance' fields, and then chart with that.

Something like:

source="hpna_source.csv" Rule="bootp" | eval new_field=Rule + " - " + Rule_Compliance | stats count by new_field

Of course, since you're already narrowing results down to one Rule in the initial search, the above isn't really necessary, and you can just do the following:

source="hpna_source.csv" Rule="bootp" | stats count by Rule_Compliance

ravikanthbadugu · ‎10-15-2019

I have tried the Eval method and that worked for me.
Thank you.

Simeon · ‎06-05-2012

If you have only one rule, and two values for compliance, you probably need to do a stats count by Rule_Compliance.

pie chart problems

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!