Hi Guys, (Please see attached file for better understanding)
I need help adjusting my query to show the below results:
I want to put all the (software, brand and product) in one single row with the total number of their count under “count”
Example, instead of having multiple Mac, Window etc… we should just have one row with the total count
Current table
Software | Brand | Product | Number of count |
Mac | Apple | MTBNUYE2V0 | 1 |
Mac | Apple | MTBNUYE2V1 | 1 |
Mac | Apple | MTBNUYE2V2 | 1 |
Mac | Apple | MTBNUYE2V3 | 1 |
Mac | Apple | MTBNUYE2V4 | 1 |
Mac | Apple | MTBNUYE2V5 | 1 |
Mac | Apple | MTBNUYE2V6 | 1 |
Mac | Apple | MTBNUYE2V7 | 1 |
Mac | Apple | MTBNUYE2V8 | 1 |
Mac | Apple | MTBNUYE2V9 | 1 |
Mac | Apple | MTBNUYE2V10 | 1 |
Mac | Apple | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Window | Win.x | Youbest | 2 |
Example of expected result:
Software |
Brand |
Version |
Number of count |
Mac |
Apple |
20.20.20 |
200 |
Windows |
Win.x |
30.90.09 |
320 |
Data is from: index=product sourcetype=my_product
Data is from: |inputlookup product
Hi @charlesukah22,
the main search should be something like this:
index=product sourcetype=my_product
| stats count BY Software Brand Version
then you should have a drilldown opening a new dashboard with your table passing the tokens from the click:
this is an example from the Splunk dashboard examples App (https://splunkbase.splunk.com/app/1603/) that I hint to install:
<dashboard>
<label>Drilldown Link to Dashboard</label>
<row>
<panel>
<table>
<search>
<query>
index=product sourcetype=my_product
| stats count BY Software Brand Version
</query>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">true</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
<drilldown>
<link target="_blank">/app/your_app/secondary_dashboard?software=$row.Software$&brand=$row.Brand$&version=$row.Version$</link>
</drilldown>
</table>
</dashboard>
then in the secondary_dashboard, you have to use a search like this:
index=product sourcetype=my_product Software=$software$ Brand=$brand$ Version=$version$
| table Software Brand Version Product
Ciao.
Giuseppe
Hi @charlesukah22,
good!
for the other people of Community, please accept the answer.
Ciao and next time!
Giuseppe
P.S.: Karma Points are appreciated 😉
Hi @charlesukah22,
you didn't accepted the solution, but your post!
Ciao and next time.
Giuseppe
P.S.: Karma Points are appreciated 😉
So sorry,
Didn't know where to accept it.
The answer cleared my issues. Thank you