Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Pie chart displaying "other(n)" and "OTHER" fields.

robettinger
Explorer
‎08-28-2017 05:02 AM

Hi,

I am creating a pie chart which shows the top logon count but unfortunatelly the system is showing two different types of "Others", one if "OTHER" and "other (n)".

This is my query:

... base search | top 10 User useother=true.

alt text

Does anyone know why this happening? It doesn't happen all the time, though. Sometimes only the "OTHER" value is present.

Thank you.

Preview file
1 KB
Reply
1 Solution
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎08-28-2017 05:32 AM

It is because the pie slices are two small that they put them together into other (2)
If you go into Format, you can change the slice size for when there are more than 10 slices (in your case there would be 11, with the useother argument for top 10). I tested changing some of my own data to .5 and that seemed to work.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎08-28-2017 05:32 AM

It is because the pie slices are two small that they put them together into other (2)
If you go into Format, you can change the slice size for when there are more than 10 slices (in your case there would be 11, with the useother argument for top 10). I tested changing some of my own data to .5 and that seemed to work.

0 Karma
Reply
Solved! Jump to solution

robettinger
Explorer
‎08-28-2017 05:37 AM

Bingo! Thank you!

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎08-28-2017 06:21 AM

@cmerriman, the Minimum Size can be set to zero (0) as well to always show all slices.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

ab81428
Path Finder
‎08-28-2017 05:27 AM

Hi Robettinger,

If use just - "top 10 User" one other record will go. "useother=true is creating new record.

I hope this will help you.

Reply
Solved! Jump to solution

robettinger
Explorer
‎08-28-2017 05:32 AM

Hi,

if I remove the "useother" both "Other" disappear and this would not reflect my use case. 😞 I would like to have only one other which accounts to the total number of remainning logons from other users.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...