Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to draw a piechart which show the different msg got from splunk query

neha_h
Explorer
‎04-28-2020 12:22 AM

Hi,
I am getting below events from my splunk search but how to show them in pie chart.

Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error Invalid request".\"}]","podName":"test-service","category":"ERROR"}

Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error downsteam error".\"}]","podName":"test-service","category":"ERROR"}

basically I want to show the String which is there inside Error is array (basically the message part) in the pie chart for today's date

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎04-28-2020 01:40 AM 
| makeresults 
| eval _raw="raw
Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error Invalid request\".\"}]\",\"podName\":\"test-service\",\"category\":\"ERROR\"}
Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error downsteam error\".\"}]\",\"podName\":\"test-service\",\"category\":\"ERROR\"}"
| multikv forceheader=1
| rex "\[(?<codes>.*)\]"
| spath input=codes
| stats count by message

Viz >> Pie Chart

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎04-28-2020 01:40 AM 
| makeresults 
| eval _raw="raw
Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error Invalid request\".\"}]\",\"podName\":\"test-service\",\"category\":\"ERROR\"}
Correlation Id :\"e7b4b14\", msg : Error is:[{\"code\":688,\"message\":\"api failed with error downsteam error\".\"}]\",\"podName\":\"test-service\",\"category\":\"ERROR\"}"
| multikv forceheader=1
| rex "\[(?<codes>.*)\]"
| spath input=codes
| stats count by message

Viz >> Pie Chart

0 Karma
Reply
Solved! Jump to solution

neha_h
Explorer
‎04-28-2020 03:04 AM

Thank you @to4kawa ,
Can we group 1 type of error and it's count in 1 slice and other type and it's count in 2nd slice in pie chart?

0 Karma
Reply
Solved! Jump to solution

to4kawa
Ultra Champion
‎04-28-2020 03:10 AM

yes, you can.

0 Karma
Reply
Solved! Jump to solution

neha_h
Explorer
‎04-28-2020 03:48 AM

how can i do that?

0 Karma
Reply
Solved! Jump to solution

neha_h
Explorer
‎04-28-2020 03:55 AM

Thanks, I could do that with | stats count by codes, Thank you so much @to4kawa

0 Karma
Reply
Solved! Jump to solution

to4kawa
Ultra Champion
‎04-28-2020 03:55 AM

use eval to collect other types

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...