Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Make a dashboard visual from calculated field

hollybross1219
Path Finder
‎02-28-2020 04:38 PM

Splunk n00b here with a question.

I have a query I would like to display on a bar graph dashboard visual. Here is the query:

index=wsi_tax_summary sourcetype=stash partnerId=* error_msg_service=* ein=* ein!="" tax_year=2019 capability=109* 
| eval error_msg_service = case(match(error_msg_service, "OK"), "Success", 1==1, "Fail") 
| stats dc(intuit_tid) as Total by partnerId error_msg_service 
| chart limit=0 useother=f sum(Total) as Total by partnerId error_msg_service 
| eval total_request = Fail + Success 
| eval "Success Rate" = round(((Success/total_request)*100),2) 
| fieldformat "Success Rate"=tostring('Success Rate')+"%" 
| sort "Success Rate"
| fields partnerId "Success Rate"

Since I'm aiming for a bar graph, the values on Y axis should be partnerId and the X axis should be a value called "Success Rate", which I created with several eval statements. When I click into "visual", nothing produces. Looks like I can only do it with a chart or timechart function

Anyone know how I can achieve this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎02-28-2020 05:06 PM 
 index=wsi_tax_summary sourcetype=stash partnerId=* error_msg_service=* ein=* ein!="" tax_year=2019 capability=109* 
 | eval error_msg_service = case(match(error_msg_service, "OK"), "Success", 1==1, "Fail") 
 | stats dc(intuit_tid) as Total by partnerId error_msg_service 
 | chart limit=0 useother=f sum(Total) as Total by partnerId error_msg_service 
 | eval total_request = Fail + Success 
 | eval "Success Rate" = round(((Success/total_request)*100),2) 
 | sort "Success Rate"
 | fields partnerId "Success Rate"

I think, you are not n00b .
try Visualization > Bar Chart

View solution in original post

0 Karma
Reply
Solved! Jump to solution

hollybross1219
Path Finder
‎03-02-2020 09:45 AM

Hey @to4kawa, thank you. I guess the fieldformat messed up the viz 🙂

0 Karma
Reply
Solved! Jump to solution

to4kawa
Ultra Champion
‎03-02-2020 01:01 PM

I see, please accept the answer to close the question.

0 Karma
Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎02-28-2020 05:06 PM 
 index=wsi_tax_summary sourcetype=stash partnerId=* error_msg_service=* ein=* ein!="" tax_year=2019 capability=109* 
 | eval error_msg_service = case(match(error_msg_service, "OK"), "Success", 1==1, "Fail") 
 | stats dc(intuit_tid) as Total by partnerId error_msg_service 
 | chart limit=0 useother=f sum(Total) as Total by partnerId error_msg_service 
 | eval total_request = Fail + Success 
 | eval "Success Rate" = round(((Success/total_request)*100),2) 
 | sort "Success Rate"
 | fields partnerId "Success Rate"

I think, you are not n00b .
try Visualization > Bar Chart

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...