Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Dashbaord creation single panel for two different index with their respective sourectypes

bapun18
Communicator
‎01-20-2020 04:27 AM

How do I Create a single dashboard panel with two different index and their respective source types displaying count for same field with a drop down suggesting for index selection i.e if i select a particular index from the dropdown respective count for that field is displayed and so on.

0 Karma
Reply

vnravikumar
Champion
‎01-21-2020 06:38 AM

Hi

Check this and modify it accordingly

<form>
  <label>filter</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="selectedindex">
      <label>Index Name</label>
      <fieldForLabel>title</fieldForLabel>
      <fieldForValue>title</fieldForValue>
      <search>
        <query>| rest /services/data/indexes | dedup title | table title</query>
      </search>
      <change>
        <condition>
          <unset token="form.sourcetype"></unset>
        </condition>
      </change>
    </input>
    <input type="dropdown" token="sourcetype">
      <label>Source Type</label>
      <fieldForLabel>sourcetype</fieldForLabel>
      <fieldForValue>sourcetype</fieldForValue>
      <search>
        <query>index="$selectedindex$" |stats count by sourcetype</query>
      </search>
    </input>
  </fieldset>
  <row depends="$sourcetype$">
    <panel>
      <table>
        <search>
          <query>index="$selectedindex$" sourcetype="$sourcetype$" |stats count by source</query>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>
0 Karma
Reply

bapun18
Communicator
‎01-20-2020 04:30 AM

Sharing the demo query details :

index=blc_db sourcetype=prd_spark_agg_blc_nginx_access OR
index=internal_smapi_db sourcetype=prd_spark_agg_smapi_be_events_per_request
|stats count by src
| bucket _time span=1d

Please help me in modifying the query

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...