Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to show count & percentage of the total count in a chart command?

djoobbani
Path Finder
‎08-15-2022 07:22 PM

Dear splunk community:

So i am using the following chart command:

<base search> | chart count by url_path, http_status_code |  addtotals col=true

to get the following search result: URL (Y-Axis) & http status code (X-Axis)

                        200     400     500     502     Total

url1                    15        5          5         5         30

url2                    10       3          6          2         21

                          25       8          11         7         51

Now i need to add the percentage of each count based on the total number and display the count & percentage together like so:

                        200                    400                   500               502              Total

url1               15 (50%)           5 (16%)         5 (16%)        5(16%)         30

url2                10 (47%)          3 (14%)         6 (28%)         2 (9%)          21

                          25 (49%)        8 (15%)         11 (21%)      7 (13%)        51

Can someone show me how to achieve this? Greatly appreciate your help in advance!

 

Labels (3)
Labels
0 Karma
Reply

djoobbani
Path Finder
‎08-16-2022 08:14 AM

Thank you very much for the explanation bowesmana.

So i took your SPL (above) and tried running it in my environment, but unfortunately the result is blank and that may be related to the comment u made regarding count turning into a non numeric value. So does this mean there is no solution for this in splunk? Again thanks for your reply!

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎08-16-2022 06:19 PM

Blank results might mean you have no permission to view _internal index...

However,  I am not aware of any way to append some text to a number and for Splunk to then plot that numerically. One thought it that if you add data values ON to the chart, whether with some Javascript and CSS you could dynamically change the visible text to add the percentage, but I don't know how to do that.

See this developer tools view of the <tspan> element showing the data label of the graph value. I suspect this IS possible, but you would need to have the CSS and probably Javascript knowledge to do it.

bowesmana_0-1660699178478.png

 

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎08-15-2022 09:08 PM

As I suggested in my post to the same question you asked in your other post https://community.splunk.com/t5/Splunk-Search/How-to-get-the-chart-of-count-and-percentage-by-in-one...

you can combine the percentage using the SPL I posted there, which gives you exactly the table you display here, see this.

bowesmana_0-1660622918899.png

However, as soon as you turn a count into a non numeric value, it is no longer a numeric value, so Splunk will not chart that as a vertical Y-axis value.

 

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...