在 Splunk 饼图搜索表达式中需要帮助
Need help in Splunk Pie chart search expression
我是 splunk 仪表板开发的新手,到目前为止,我仅使用 'single value'.
创建 KPI
我有三个 KPI 结果 600、250、150
KPI 1 搜索表达式 - 结果为 600(示例)
index=indexname kubernetes.container_name=tpt
MESSAGE = "Code request"
| spath output=message path=MESSAGE
| table _time message
| stats count as count1
KPI 2 搜索表达式 - 结果为 250(示例)
index=indexname kubernetes.container_name=rsv
MESSAGE = "pin in email"
| spath output=message path=MESSAGE
| table _time message
| stats count as count2
KPI 3 搜索表达式 - 结果为 150(示例)
index=indexname kubernetes.container_name=rsv
MESSAGE = "pin in sms"
| spath output=message path=MESSAGE
| table _time message
| stats count as count3
我已在仪表板中将 KPI 上方的数字显示为数字。但是,我想显示一个饼图,其中包含上述数字的 60%、25% 和 15% 的份额。创建此图表的搜索表达式是什么?
您可以通过将其作为单个查询来实现它,提取字段并使用 splunk append 附加它,下面是查询
index=indexname kubernetes.container_name=tpt MESSAGE = "*Code request*"
| spath output=msg path=MESSAGE
| eval counts=case((msg="Code request" ,"count1",msg="pin in email" ,"count2",msg="pin in sms" ,"count3")
| stats count by counts
| append [search index=indexname kubernetes.container_name=rsv MESSAGE = "*pin in email*"
| spath output=msg path=MESSAGE
| eval counts=case((msg="Code request" ,"count1",msg="pin in email" ,"count2",msg="pin in sms" ,"count3")
| stats count by counts
| append [search index=indexname kubernetes.container_name=rsv MESSAGE = "*pin in sms*"
| spath output=msg path=MESSAGE
| eval counts=case((msg="Code request" ,"count1",msg="pin in email" ,"count2",msg="pin in sms" ,"count3")
| stats count by counts ]]
我是 splunk 仪表板开发的新手,到目前为止,我仅使用 'single value'.
创建 KPI我有三个 KPI 结果 600、250、150
KPI 1 搜索表达式 - 结果为 600(示例)
index=indexname kubernetes.container_name=tpt
MESSAGE = "Code request"
| spath output=message path=MESSAGE
| table _time message
| stats count as count1
KPI 2 搜索表达式 - 结果为 250(示例)
index=indexname kubernetes.container_name=rsv
MESSAGE = "pin in email"
| spath output=message path=MESSAGE
| table _time message
| stats count as count2
KPI 3 搜索表达式 - 结果为 150(示例)
index=indexname kubernetes.container_name=rsv
MESSAGE = "pin in sms"
| spath output=message path=MESSAGE
| table _time message
| stats count as count3
我已在仪表板中将 KPI 上方的数字显示为数字。但是,我想显示一个饼图,其中包含上述数字的 60%、25% 和 15% 的份额。创建此图表的搜索表达式是什么?
您可以通过将其作为单个查询来实现它,提取字段并使用 splunk append 附加它,下面是查询
index=indexname kubernetes.container_name=tpt MESSAGE = "*Code request*"
| spath output=msg path=MESSAGE
| eval counts=case((msg="Code request" ,"count1",msg="pin in email" ,"count2",msg="pin in sms" ,"count3")
| stats count by counts
| append [search index=indexname kubernetes.container_name=rsv MESSAGE = "*pin in email*"
| spath output=msg path=MESSAGE
| eval counts=case((msg="Code request" ,"count1",msg="pin in email" ,"count2",msg="pin in sms" ,"count3")
| stats count by counts
| append [search index=indexname kubernetes.container_name=rsv MESSAGE = "*pin in sms*"
| spath output=msg path=MESSAGE
| eval counts=case((msg="Code request" ,"count1",msg="pin in email" ,"count2",msg="pin in sms" ,"count3")
| stats count by counts ]]