I am trying to create a dashboard that displays the count and percentage based off HTTP and HTTPS request types.
So when you say you can see HTTPS and HTTP request types - is the field for request type being extracted by Splunk? If it's just present in the raw event data but not extracted, then you'll need to first extract it. You can check on the list of events on the left-hand side of results to see if it has been extracted.
Can you also show me an example (redacting out any sensitive data) of each request type from your events? That will help me write you a more focused search if the field isn't being extracted normally.
I am getting no results found, but I am looking through the logs and can clearly see that there are HTTP and HTTPS request types.
Hi there,
You can modify this search to meet your needs. I used Splunk's internal logs as an example:
index=_internal sourcetype=splunkd log_level=*
| eventstats count as totalcount
| chart sparkline count,first(totalcount) as totalcount by log_level
| eval percentage=round(count/totalcount*100,2)."%"
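
An added example, not part of the original posts: the same count-and-percentage pattern applied to HTTP versus HTTPS, with the request type pulled out of the raw event by rex in case Splunk has not extracted it as a field. The sample events, the request_type field name and the assumption that the scheme appears as part of a URL are all constructed; replace the first three commands with your own base search.

```spl
| makeresults count=4
| streamstats count as n
| eval _raw=case(
    n=1, "GET https://constructed.example/login 200",
    n=2, "GET http://constructed.example/index 200",
    n=3, "POST https://constructed.example/api 201",
    n=4, "GET /healthcheck 200")
| rex field=_raw "(?i)\b(?<request_type>https?)://"
| eval request_type=upper(coalesce(request_type, "UNKNOWN"))
| stats count by request_type
| eventstats sum(count) as totalcount
| eval percentage=round(count/totalcount*100,2)."%"
| fields request_type count percentage
```

Events where the pattern does not match are counted under UNKNOWN instead of being dropped, so a large UNKNOWN row shows that the extraction needs adjusting for your log format.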