I have a line being logged similar to
Foo_Thing=10.0 Foo_Thing2=12.2 Foo_OtherThing=34.5 Foo_YetAnotherThing2=43.3
What I want to do is create a chart of these values (possibly a pie chart) but so far I have not been able to get BOTH the value AND the label into the chart like I want.
I have tried lots of things, like extract , kvpairs , etc, etc... this is the closest I can come
sourcetype="syslog" "Foo percetages" | head 1 | rex "(?P<ftype>Foo_[a-zA-Z0-9]+)=(?P<perc>[\d\.]+)" max_match=40 | chart max(perc) by ftype
Of course this charts each ftype by the max value of the perc, so 43.3 for all. I have attempted using the function values , but this maps every value to every ftype, which is also not what I want. What can I do to capture the field name AND field value and have them paired up so charting makes sense?
... View more