Creating SUMO logic pie chart with SUM totals
I would like to create a SUMO logic pie chart however I am having difficultu doing it with SUM totals. below you can see my query
_sourceCategory=MyAppSource
| parse "* [*] {\"machineName\":*,\"requestPath\":*,\"requestMethod\":*,\"requestSize\":*,\"requestType\":*,\"service\":*,\"duration\":*,\"stack\":*,\"errorMessage\":*,\"errorObject\":*,\"userName\":*,\"clientId\":*,\"statusCode\":*,\"traceIdentifier\":*}" as TimeStamp,Subject,MachineName,RequestPath,RequestMethod,RequestSize,RequestType,Service,Duration,Stack,ErrorMessage,ErrorObject,UserName,ClientID,StatusCode,TraceIdentifier
| if (Duration >= 40, 1, 0) as RequestTimeGreaterThan40ms
| if (Duration < 40, 1, 0) as RequestTimeUnder40ms
| sum(RequestTimeGreaterThan40ms) as RequestTimeGreaterThan40ms, sum(RequestTimeUnder40ms) as RequestTimeUnder40ms
| RequestTimeGreaterThan40ms + RequestTimeUnder40ms as TotalRequest
| (RequestTimeGreaterThan40ms/TotalRequest)*100 as RequestTimeGreaterThan40ms
| (RequestTimeUnder40ms/TotalRequest)*100 as RequestTimeUnder40ms
This produces this result:
However when I look at my pie chart it looks like this
My question: As you can see my issue is that the pie chart is only grabbing the first value which would be 4.03717 and nothing else. I need to transpose the other columns into rows so that the pie chart can understand that these are different values and they all need to be represented in the pie chart. Does anyone know what would be the best way to do this?
I think the problem with your approach is that you end up counting the requests above-40-ms and below-40-ms in two separate "categories", so then it's hard to "join" them (sorry for not too precise wording).
The cleaner way would be to use single aggregation (not double):
_sourceCategory=MyAppSource
| parse "* [*] {\"machineName\":*,\"requestPath\":*,\"requestMethod\":*,\"requestSize\":*,\"requestType\":*,\"service\":*,\"duration\":*,\"stack\":*,\"errorMessage\":*,\"errorObject\":*,\"userName\":*,\"clientId\":*,\"statusCode\":*,\"traceIdentifier\":*}" as TimeStamp,Subject,MachineName,RequestPath,RequestMethod,RequestSize,RequestType,Service,Duration,Stack,ErrorMessage,ErrorObject,UserName,ClientID,StatusCode,TraceIdentifier
| if (Duration >= 40, "greater", "under") as RequestTimeVs40ms
| count by RequestTimeVs40ms
(Disclaimer: I am currently employed by Sumo Logic)
- Math.Sin() gives incorrect value
- How to run my python script when the sunOS is start booting
- Express-session: not resetting cookie expiration on each request
- Getting a stack overflow exception when normalizing a vector
- Edit default summary function in R gives error for multiple variables
- What was a For loop? Why isn't it needed in R?
- How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
- Why are there two assignment operators, `<-` and `->` in R?
- lm()$assign: what is it?
- How to get the value of list(...) in R and S functions
- Design matrix for MLM from library(lme4) with fixed and random effects
- how to generate elements not included in my sample
- Create a matrix with gradually changing values without a for loop
- Emacs ESS and S-plus ( S+ ) 8.1 compatability
- How to lag date-index in a time-series in R?
- Nonlinear regression in R / S
- Calling R from S-Plus?