Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create 2 or more dashboards in one panel?

Mrig342
Contributor
‎08-01-2023 10:03 AM

Hi All,

I have got logs as below:

 

Log1: Tue Aug  1 12:15:03 EDT 2023 10G 6.4G 64% /var
Log2: Tue Aug  1 12:15:03 EDT 2023 20G 5.9G 30% /opt
Log3: Tue Aug  1 12:15:02 EDT 2023 11G 7.2G 66% /uam
Log4: Tue Aug  1 12:15:02 EDT 2023 11G 7.2G 85% /mqr

 

Using below query, I created a pie chart for my dashboard:

 

**** | rex field=_raw "(?ms)]\|(?P<host>\w+\-\w+)\|"
| rex field=_raw "(?ms)]\|(?P<host>\w+)\|"
| rex field=_raw "\]\,(?P<host>[^\,]+)\," | rex field=_raw "\]\|(?P<host>[^\|]+)\|"
| rex field=_raw "(?ms)\|(?P<File_System>(\/\w+){1,5})\|" | rex field=_raw "(?ms)\|(?P<Disk_Usage>\d+)"
| rex field=_raw "(?ms)\s(?<Disk_Usage>\d+)%"
| rex field=_raw "(?ms)\%\s(?<File_System>\/\w+)"
| regex _raw!="^\d+(\.\d+){0,2}\w"
| regex _raw!="/apps/tibco/datastore"
| rex field=_raw "(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\s\d"
| rex field=_raw "\[(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\]"
| rex field=_raw "(?ms)\d\s(?<Total>\d+(\.\d+){0,2})\w\s\d" | rex field=_raw "(?ms)G\s(?<Used>\d+(\.\d+){0,2})\w\s\d"
| eval Available=(Total-Used)
| lookup Environment_List.csv "host"
| search Environment="UAT"
| eval UAT=if(Disk_Usage <= 79, "Below80%", "Above80%")
| stats count by UAT

 

I have 3 other Environments (SIIT,DIT,DIT2), for which I created pie charts using above query and changing the environment name.

Now, I have got 4 pie charts in 4 separate panels in the dashboard. I need to get all the 4 pie charts in one panel and want to create drilldown from that panel. (something like shown in the attachment)

Please help to modify the query to get all the pie charts in one panel in the dashboard. 

 

Your kind consideration is highly appreciated..!!

Thank You..!!

 

 

 

Labels (1)
Labels
Tags (1)
Preview file
8 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎08-01-2023 10:59 AM

Your existing query can work with some minor modifications.

**** | rex field=_raw "(?ms)]\|(?P<host>\w+\-\w+)\|"
| rex field=_raw "(?ms)]\|(?P<host>\w+)\|"
| rex field=_raw "\]\,(?P<host>[^\,]+)\," | rex field=_raw "\]\|(?P<host>[^\|]+)\|"
| rex field=_raw "(?ms)\|(?P<File_System>(\/\w+){1,5})\|" | rex field=_raw "(?ms)\|(?P<Disk_Usage>\d+)"
| rex field=_raw "(?ms)\s(?<Disk_Usage>\d+)%"
| rex field=_raw "(?ms)\%\s(?<File_System>\/\w+)"
| regex _raw!="^\d+(\.\d+){0,2}\w"
| regex _raw!="/apps/tibco/datastore"
| rex field=_raw "(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\s\d"
| rex field=_raw "\[(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\]"
| rex field=_raw "(?ms)\d\s(?<Total>\d+(\.\d+){0,2})\w\s\d" | rex field=_raw "(?ms)G\s(?<Used>\d+(\.\d+){0,2})\w\s\d"
| eval Available=(Total-Used)
| lookup Environment_List.csv "host"
| eval usage_level=if(Disk_Usage <= 79, "Below80%", "Above80%")
| stats count by Environmant, usage_level

Then as @ITWhisperer mentioned, use Trellis mode to break the display into multiple pie charts.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎08-01-2023 10:59 AM

Your existing query can work with some minor modifications.

**** | rex field=_raw "(?ms)]\|(?P<host>\w+\-\w+)\|"
| rex field=_raw "(?ms)]\|(?P<host>\w+)\|"
| rex field=_raw "\]\,(?P<host>[^\,]+)\," | rex field=_raw "\]\|(?P<host>[^\|]+)\|"
| rex field=_raw "(?ms)\|(?P<File_System>(\/\w+){1,5})\|" | rex field=_raw "(?ms)\|(?P<Disk_Usage>\d+)"
| rex field=_raw "(?ms)\s(?<Disk_Usage>\d+)%"
| rex field=_raw "(?ms)\%\s(?<File_System>\/\w+)"
| regex _raw!="^\d+(\.\d+){0,2}\w"
| regex _raw!="/apps/tibco/datastore"
| rex field=_raw "(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\s\d"
| rex field=_raw "\[(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\]"
| rex field=_raw "(?ms)\d\s(?<Total>\d+(\.\d+){0,2})\w\s\d" | rex field=_raw "(?ms)G\s(?<Used>\d+(\.\d+){0,2})\w\s\d"
| eval Available=(Total-Used)
| lookup Environment_List.csv "host"
| eval usage_level=if(Disk_Usage <= 79, "Below80%", "Above80%")
| stats count by Environmant, usage_level

Then as @ITWhisperer mentioned, use Trellis mode to break the display into multiple pie charts.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Mrig342
Contributor
‎08-01-2023 01:01 PM

Hi @richgalloway,

Thank you for your inputs..!! With the query you provided, I am now able to get the pie charts to one panel using trellis mode.

Your kind inputs are highly appreciated...!!

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-01-2023 10:49 AM

Essentially, a panel has chart(s) serviced by one search query. However, for some chart types, including pie charts, there is a trellis mode which could give you the layout you are after.

Reply
Solved! Jump to solution

Mrig342
Contributor
‎08-01-2023 10:57 AM

Hi @ITWhisperer,

Thank you for your inputs..!! But for each pie chart I have got different queries and I will need to combine the queries into one so that I can use trellis mode and create all 4 pie charts in one panel.

Can you please help to modify the query so that I can use the trellis mode and achieve the required dashboard panel.

 

Thank you..!!

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...