Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to display the cleaner version of raw data in a table or event panel

brooklynotss
Path Finder
‎01-28-2016 01:29 PM

I'm not sure what this part of the raw data UI view is called. See screen shot, alt text

Ideally i'm looking to, on loading of the dashboard panel, only display the data as it looks in section 3 (only the Field and Value parts - don't need or want that Actions dropdown column). Section is 2 what you get out of the box, section 3 only appears if you click the toggle next to my number 1. Also ideally looking to do this in Simple XML. Any help appreciated.

Bigger picture is a dashboard that is a single reference for all data about the selected endpoint so I want to display the PC systeminfo like you see here, but also pull in a whole bunch of other data points. So it's a lot of text to display on a page and just looking to make it as clean as possible. I suspect I need to get into HTML for this but wanted to try here first.

Preview file
1 KB
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎01-28-2016 04:30 PM

I think the closest result could be this run everywhere example:

  index=_internal | stats values(*) AS * by _time | transpose | rename column AS field | rename "row *" AS value*

This will produce a table with a field field and some values1 fields

View solution in original post

Reply
Solved! Jump to solution

wbcem
Explorer
‎03-02-2017 10:20 AM

Here's a trick I've used now and again, the eval split function. If you have a reliable delimiter, you can split a string into a multi value field. A very handy aspect of multi value fields is that each portion of the multi value field will display on a separate line in the table cell. This is the equivalent of embedding newlines in the variable output.

0 Karma
Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎01-28-2016 04:30 PM

I think the closest result could be this run everywhere example:

  index=_internal | stats values(*) AS * by _time | transpose | rename column AS field | rename "row *" AS value*

This will produce a table with a field field and some values1 fields

Reply
Solved! Jump to solution

thunder_wu
Path Finder
‎01-28-2016 06:33 PM

This works great! Appreciate you sharing this trick.

Any quick way to filter out the default fields date_*, host, source, etc. I just want to present data fields extracted by myself. I know I can take them out one by one, just wonder if there is any short syntax to achieve that.

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎01-28-2016 06:40 PM

use after the first | a table command and list only the fields you need:

 index=_internal | table myfield1 myfield2 myfield3 | stats values(*) AS * by _time | transpose | rename column AS field | rename "row *" AS value*
Reply
Solved! Jump to solution

somesoni2
SplunkTrust
SplunkTrust
‎01-28-2016 02:37 PM

Can anyone see the attached image??

0 Karma
Reply
Solved! Jump to solution

brooklynotss
Path Finder
‎01-28-2016 03:13 PM

weird - looks like it broke. I just re-attached it.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎01-28-2016 01:47 PM

Use the table command to display the fields (columns) of interest.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

brooklynotss
Path Finder
‎01-28-2016 01:51 PM

but then it just displays a super long horizontal table with many columns and two rows. not sure how to turn each field-value pair into a row with two columns.

0 Karma
Reply
Solved! Jump to solution

thunder_wu
Path Finder
‎01-28-2016 03:18 PM

I have the exact same need. Table view is not very user friendly.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...