Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to fill automatically a chart radar from a lookup?

jip31
Motivator
‎02-15-2022 01:15 AM

hi

I would like to know if it is possible to display automatically a chart radar from a lookup?

radar.csv is the result of a scheduled search

there is 3 fields in this csv : "sig_app" which correspond to the radar "key" field, sig_cat which correspond to the radar "axis" field and count which correspond to the radar "value" field

is it possible to do this or not? 

thanks

 

| inputlookup radar.csv 
| eval sig_app=key
| eval sig_cat=axis
| eval count=value 
| eval key="Actions", AAA=.37, BBB=8.64, CCC=2.56, DDD=1.68, EEE=4.992
| untable key,"axis","value" 
| eval keyColor="magenta"

 

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-15-2022 07:09 AM

Try like this

 

| inputlookup radar.csv 
| rename sig_app as key, sig_cat as axis, count as value 
| eval keyColor="magenta"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-15-2022 07:09 AM

Try like this

 

| inputlookup radar.csv 
| rename sig_app as key, sig_cat as axis, count as value 
| eval keyColor="magenta"
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...