icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Circlepack Viz
SHA256 checksum (circlepack-viz_113.tgz) d47ba3cf0e760ca400bd6d288c8549dac52b795d71cb1e20cfd33df21f82ad3b SHA256 checksum (circlepack-viz_112.tgz) 7c564601915fb8a3a55dbc9ef3d435186d223e7e9ac96c08ddc06305121a64ea SHA256 checksum (circlepack-viz_102.tgz) f69248ef528a34955b47a0280d3b31c0443d58d5a76a40aff8f320245ac7ee72
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Circlepack Viz

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
Circle packing chart / pack layout / bubble chart visualization built with D3. Optional click-to-zoom and plenty of color themes.

Circle packing / pack layout / bubble chart visualization built with D3. Optional click-to-zoom and plenty of color themes.

Copyright (C) 2019 Chris Younger. I am a Splunk Professional Services consultant working for JDS Australia, in Brisbane Australia.

Source code | Questions, Bugs or Suggestions | My Splunk apps

Usage

This visualisation expects tabular data, with any amount of text/category columns, but the last column must be a numerical value.

For example, the following data:

field1 field2 field3 numeric_value
outer1 mid1 node1 5
outer1 mid1 node2 4
outer1 mid2 node3 9
outer2 mid3 node4 13

Would produce this:

The typical search uses stats command like so:

index=* | stats count BY index sourcetype source

Sidenote: a much faster search to do the same thing is

|tstats count where index=* BY index sourcetype source

Note that stats does not return rows when the group BY field is null. Convert nulls to be an empty string like this:

index=_internal 
| eval component = coalesce(component,"") 
| eval log_level = coalesce(log_level,"") 
| stats count BY sourcetype component log_level

Add more fields after the "BY" keyword to increase the depth

Formatting options

The "Color overrides" field accepts either a JSON object (in curly braces) or comma separated pairs. For example to make sure that "INFO" values are green, WARN's are orange and ERROR's are red, set the value like so:

INFO,#1a9035,ERROR,#b22b32,WARN,#AF5300

The "Set color by" options "First field.." allow for data to set the color of the leaf node but not affect the grouping. The "First field as color codes (n/g)" option allows for valid HTML color codes to be passed in from the search. Here is an example search:

index=_internal 
| stats sum(count) as count BY log_level component 
| eval color = case(log_level=="ERROR", "#b22b32",log_level=="INFO", "#1a9035",log_level=="WARN", "#AF5300", true(), "blue") 
| table color component count

Note that when using "Click action" of "Zoom in" the labels are not clipped and will probably overlap.

Third party software

The following third-party libraries are used by this app. Thank you!

Release Notes

Version 1.1.3
Sept. 17, 2019

* Fix for 7.3 to remove "undefined" messages in format menu

Version 1.1.2
July 7, 2019

Add better formatting options for labels. Fix IE11/Edge support. Better handling of large datasets.

Version 1.0.2
June 30, 2019

207
Installs
502
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.