Dashboards & Visualizations

How to create a dashboard where i can insert the result of one dashboard panel and add the result to another panel?

Path Finder

I would like to create a dashboard where i can get the result from one panel (query 1) and insert the results into Panel 2 and 3. This dashboard should be in form format where type an IP address in a box, then add the the IP address to query 1. Query 1 results will then be inserted into query 2 and 3 which will display the result on each panel.

query 1 sourcetype=name app=http-proxy $token1$| stats count by src_ip
I would like to add the result from query 1 and insert the result to query 2 and 3.

query 2

index=name2 $tokenResultfromQuery1$   | rename user AS User clientip AS "Client IP Address" assigned_ip AS "Assigned IP Address" vpn AS VPN reason AS Reason |  table User "Client IP Address" "Assigned IP Address" Group VPN "Start Time" | sort-_time

query 3

sourcetype="WinEventLog:Security" $tokenResultfromQuery1$ | stats count by user, src_ip
0 Karma


You need a form, not a dashboard. You will also need a base search for the query and the post-process searches for the two panels. This will require editing the Simple XML. Here are the documentation references:

Build and Edit Forms: http://docs.splunk.com/Documentation/Splunk/6.6.2/Viz/Buildandeditforms

Post-process searches: http://docs.splunk.com/Documentation/Splunk/latest/Viz/Savedsearches#Post-process_searches

I think that the Splunk Dashboard Examples App may be more helpful than just the documentation...

There may be other ways to do this, but I think this is the most direct.

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!