Dashboards & Visualizations

Can I use the Events Panel on the dashboard to show all the fields in my search?

POR160893
Builder

Hey,

In a dashboard, I need a panel where it gives the user an option to download EVERY field of a specific index. Now, this index has over 100 fields. Can I use the Events Panel on the dashboard to show all the fields (admittedly a small view due to the volume of the fields) and then the user can export the respective results from the given panel?


Many thanks,

Patrick

Labels (1)
0 Karma

POR160893
Builder

My dashboard panels never finish and just stalls ..... even when I tried to use base searches, saved searches, or reduce the time range to juts a few mins. The searches run when run by themselves too ..... just so slow in the dashboard

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please post a new question containing your query and information about the data being searched so we can help resolve that probem.

---
If this reply helps you, Karma would be appreciated.

POR160893
Builder

Hi,

I have a dashboard with a number of panels. One of the panels needs to output all events for an index under certain conditions like certain src, port, sourcetype, etc.

The other panels in the dashboard uses base searches and outputs only counts. These panels work.

However, the panel outputting the events uses a saved search and NEVER finishes, even when I change the time range to VERY small time ranges like 30 seconds. I need the panel's search to complete as the stakeholder wants to export the panel's results..

The following is the slow panel on the Dashboard:
Slow_Panel_Calling_SavedSearch.PNG

And here is the respective Saved Search:
Slow_SavedSearch.PNG

Can you please help? 


Thank you,
Patrick

POR160893
Builder

However, the search on the dashboard panel is now outputting events ..... BUT it is still processing the search, even when I change the time range to just 1 minute or even 30 seconds. Is there any way I can get the search to complete as I need the option to export the panel's events to be available?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You say the search is outputting events, but isn't that a good thing?  If the search doesn't have any output then there will be nothing to export.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, that should work.  Use the | table * command to display all available fields.

---
If this reply helps you, Karma would be appreciated.

POR160893
Builder

Perfect. I gave your answer a Karma 🙂

However, the search on the dashboard panel is now outputting events ..... BUT it is still processing the search, even when I change the time range to just 1 minute or even 30 seconds. Is there any way I can get the search to complete as I need the option to export the panel's events to be available?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...