Help with a pie chart search?

daniel333 · ‎01-29-2019

All,

I have a relatively simple search but I am tripping over it for some reason.

I want a pie chart of all hosts in my company. Any host with package="telnet*" as red and those without in blue. Any idea how I'd get that search working?

adonio · ‎01-29-2019

hello there,

try this code anyhere, it will create a 50/50 ratio pie chart.

| makeresults count=30
| eval package_prefix = "telnet;blah"
| makemv delim=";" package_prefix
| mvexpand package_prefix
| eval random = if(package_prefix=telnet,random()%400,random()%50)
| eval package = package_prefix."-".random
| eval add = "computer"
| streamstats count as record_number
| eval host = "computer"."-".record_number
| rename COMMENT as "above generates fake results, belew is your solution" 
| rename COMMENT as "here we will use the eval LIKE function"
| eval host_group = if(package like "telnet%","tel","other")
| stats dc(host) as u_host by host_group

please excuse me as i didnt save as dashboard so i can show how to use the xml code to hardcode red and blue, but you can use similar answers here to accomplish that task, here for example:
https://answers.splunk.com/answers/563888/how-to-change-default-color-charts.html

see screenshot:
1:

Help with a pie chart search?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms