Dashboards & Visualizations

Can I use the Events Panel on the dashboard to show all the fields in my search?

POR160893
Contributor

Hey,

In a dashboard, I need a panel where it gives the user an option to download EVERY field of a specific index. Now, this index has over 100 fields. Can I use the Events Panel on the dashboard to show all the fields (admittedly a small view due to the volume of the fields) and then the user can export the respective results from the given panel?


Many thanks,

Patrick

Labels (1)
0 Karma

POR160893
Contributor

My dashboard panels never finish and just stalls ..... even when I tried to use base searches, saved searches, or reduce the time range to juts a few mins. The searches run when run by themselves too ..... just so slow in the dashboard

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please post a new question containing your query and information about the data being searched so we can help resolve that probem.

---
If this reply helps you, an upvote would be appreciated.

POR160893
Contributor

Hi,

I have a dashboard with a number of panels. One of the panels needs to output all events for an index under certain conditions like certain src, port, sourcetype, etc.

The other panels in the dashboard uses base searches and outputs only counts. These panels work.

However, the panel outputting the events uses a saved search and NEVER finishes, even when I change the time range to VERY small time ranges like 30 seconds. I need the panel's search to complete as the stakeholder wants to export the panel's results..

The following is the slow panel on the Dashboard:
Slow_Panel_Calling_SavedSearch.PNG

And here is the respective Saved Search:
Slow_SavedSearch.PNG

Can you please help? 


Thank you,
Patrick

POR160893
Contributor

However, the search on the dashboard panel is now outputting events ..... BUT it is still processing the search, even when I change the time range to just 1 minute or even 30 seconds. Is there any way I can get the search to complete as I need the option to export the panel's events to be available?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You say the search is outputting events, but isn't that a good thing?  If the search doesn't have any output then there will be nothing to export.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, that should work.  Use the | table * command to display all available fields.

---
If this reply helps you, an upvote would be appreciated.

POR160893
Contributor

Perfect. I gave your answer a Karma 🙂

However, the search on the dashboard panel is now outputting events ..... BUT it is still processing the search, even when I change the time range to just 1 minute or even 30 seconds. Is there any way I can get the search to complete as I need the option to export the panel's events to be available?

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...