- last edited on by
MaciejNeumann
Afternoon community!
I have a DQL query which is giving the health status of specific type of message:
fetch logs, from: $dt_timeframe_from, to: $dt_timeframe_to, scanLimitGBytes: 1
| filter dt.system.bucket == "sap_cpi_p1_7d" and matchesValue(integration_artifact_name, "SalesOrderSimulate") and matchesPhrase(custom_headers, "D365")
| summarize count(), by:{custom_status}
The query summarize the data in order to get a PIE chart of custom_status per artifact name "SalesOrderSimulate" (in dashboard new):
Now I have multiple artifact_name and multiple custom_status. Is it possible to have a donut/pie chart splitted by this combinations of values?
like*
SalesOrderSimulate | Complete
SalesOrderSimulate | Failed
CRUD | Complete
CRUD | Failed
etc...
Thank for your support here
The pie chart is only going to allow you to use one dimension as the splitter,
If you want to split it by a combination of those values, you'd have to concatenate those values beforehand and use that new field as the new splitter for your summarization:
fetch logs
| filter isNotNull(cloud.provider)
| fields cloud.provider, loglevel, splitter=concat(cloud.provider, " | ", loglevel)
| summarize count(), by:{splitter}
Featured Posts
