Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Combining two results into one CSV file from Dashboard

earakam
Path Finder
‎03-09-2016 08:37 PM

Hi

I am trying to figure out this.

In dashboard, i have two different panels with different searches.
How can I combine those two results by clicking the "export" button on the bottom left to output as one CSV file.
I know that I can do this if i use CLI search or some scripts, but I specifically want to do this from UI in Dashboard.

Could someone help me with this?

Thank you.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

chimell
Motivator
‎03-10-2016 02:16 AM

Hi
If your xml code is like this:

<form>
   <label>Show Hide Using checkbox</label>
     <row>
     <panel>
       <table >
         <search>
           <query>index=_internal | stats c by sourcetype</query>
           <earliest>-60m@m</earliest>
           <latest>now</latest>
         </search>
       </table>
     </panel>
     <panel>
       <table >
         <search>
           <query>index=_internal | stats c by host</query>
           <earliest>-60m@m</earliest>
           <latest>now</latest>
         </search>
       </table>
     </panel>
   </row>
 </form>

I advise you firstly to combine your two searches in on search and use outputcsv command to export a result 

index=_internal | stats c by sourcetype|appendcols[search index=_internal | stats c by host]|outputcsv myresult

Or secondly use this option in advance xml to export you result:

 <module name="Export"/>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

chimell
Motivator
‎03-10-2016 02:16 AM

Hi
If your xml code is like this:

<form>
   <label>Show Hide Using checkbox</label>
     <row>
     <panel>
       <table >
         <search>
           <query>index=_internal | stats c by sourcetype</query>
           <earliest>-60m@m</earliest>
           <latest>now</latest>
         </search>
       </table>
     </panel>
     <panel>
       <table >
         <search>
           <query>index=_internal | stats c by host</query>
           <earliest>-60m@m</earliest>
           <latest>now</latest>
         </search>
       </table>
     </panel>
   </row>
 </form>

I advise you firstly to combine your two searches in on search and use outputcsv command to export a result 

index=_internal | stats c by sourcetype|appendcols[search index=_internal | stats c by host]|outputcsv myresult

Or secondly use this option in advance xml to export you result:

 <module name="Export"/>
0 Karma
Reply
Solved! Jump to solution

earakam
Path Finder
‎03-14-2016 02:10 AM

thanks chimell!

0 Karma
Reply
Solved! Jump to solution

chimell
Motivator
‎03-11-2016 01:09 AM

good thanks

0 Karma
Reply
Solved! Jump to solution

chimell
Motivator
‎03-11-2016 01:13 AM

Hi
I forget to rename the second count c as c1 to make difference
use the following 

 index=_internal | stats c by sourcetype|appendcols[search index=_internal | stats c as c1 by host]|outputcsv myresult
0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...