Dashboards & Visualizations

How do I format a Dashboard to show results of separate Searches "Rolled Up" (for ease of use)?

mac81
New Member

How can I format a dashboard to show results of separate Searches "Rolled Up" (for ease of use)?

That is, instead of a list or a table, which takes up A LOT of vertical space, how can I show, for each separate Search, just a line that gives the Search name and then maybe how many results there are for that Search, and then the same for the next Search.

And then maybe the Search name would be clickable so as to expand the Search results?

Thanks.
Mac

Tags (1)
0 Karma

whrg
Motivator

How about using a single value panel showing the total number of results as well as a drilldown to the actual search?

Like this:

<dashboard>
  <label>Dashboard with Drilldowns</label>
  <row>
    <panel>
      <single>
        <title>index=_* sourcetype=splunkd</title>
        <search>
          <query>index=_* sourcetype=splunkd | stats count</query>
          <earliest>-60m@m</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">all</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>

To add a drilldown to a single value panel in the UI editor, click on the three dots (More actions) next to the single value, then on Edit Drilldown and then Link to search.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...