T Anna
Reputation: 1004
Splunk search with a variable for unique result count
My query is :
"Call made for " "%2F1234" | timechart span=1d count by APP_NAME
Where 1234 is lets say a team ID. Using this query, I get the calls made for this team over a period of time. What I want is instead of manually searching for each Team ID's incoming calls, give a variable there for Team ID and get a count for the calls made to it grouped by unique Team IDs such that I get a pie chart for all request counts for each Team ID.
Upvotes: 1
Views: 34
Answers (1)
RichG
Reputation: 9926
Extract the team ID from the event then count the events by ID.
index=foo "Call made for " "%2F*"
```Extract the team ID```
| rex "%2F(?<team>\d+)"
| stats count by team
Then click on the Visualization tab and change the chart type to Pie.
Upvotes: 2
Related Questions
- How to make splunk pie chart with specific counts that I have in separate queries?
- Display result count of multiple search query in Splunk table
- Timechart with distinct_count per day
- Splunk Query - Search unique exception from logs with counts
- Splunk - Lookup values + static search string = output with count
- Combining 2 queries based on a common value
- How to accumulate counts from different searches into one (pie) chart?
- Splunk - Stats search count by day with percentage against day-total
- Add calculated threshold line on splunk timechart
- Is there any way how I can get JSON raw data from Splunk for a given query?