Dashboards & Visualizations

Dashboard SPL

phanikumarcs
Explorer

HIi @ITWhisperer 
index=foo sourcetype=json_foo source="az-foo"
|rename tags.envi as env
|search env="*A00001*" OR env="*A00002*" OR env="*A00005*" OR env="*A00020*"
|table env

from the fields i am using:
env="*A00001*" as "PBC"
env="*A00002*" as "PBC"
env="*A00005*" as "KCG
env="*A00020*" as "TTK"

reference:

phanikumarcs_0-1707930080512.png

 



From this SPL, i am trying to create a table like
------------------------------------------------------
PBC           |            KCG           |           TTK
-------------------------------------------------------
all values       all values                 all values
count                count                       count


 

Labels (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
index=foo sourcetype=json_foo source="az-foo"
|rename tags.envi as env
|search env="*A00001*" OR env="*A00002*" OR env="*A00005*" OR env="*A00020*"
|stats count by env
|eval env=case(match(env,"A00001"),"PBC",match(env,"A00002"),"PBC",match(env,"A00005"),"KCG",match(env,"A00020"),"TTK",true(),env)

View solution in original post

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Do you mean something like this

index=foo sourcetype=json_foo source="az-foo"
|rename tags.envi as env
|search env="*A00001*" OR env="*A00002*" OR env="*A00005*" OR env="*A00020*"
|stats count by env
0 Karma

phanikumarcs
Explorer

@ITWhisperer No, i mean like, i tried already as you suggested.

From below said, under field PBC the field values comes under A00001, A00002 so for same other KCG and TTK as well, so these can show up in the table like above. 

env="*A00001*" as "PBC"

env="*A00002*" as "PBC"

env="*A00005*" as "KCG

env="*A00020*" as "TTK"

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
index=foo sourcetype=json_foo source="az-foo"
|rename tags.envi as env
|search env="*A00001*" OR env="*A00002*" OR env="*A00005*" OR env="*A00020*"
|stats count by env
|eval env=case(match(env,"A00001"),"PBC",match(env,"A00002"),"PBC",match(env,"A00005"),"KCG",match(env,"A00020"),"TTK",true(),env)
0 Karma

phanikumarcs
Explorer

@ITWhisperer thanks for the solution, i did little changes as per my desired results.

0 Karma
Get Updates on the Splunk Community!

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...