- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Is it possible to get the value of a specific row ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Given that we have index=foo sourcetype=bar | table Aaa Bbb Ccc Ddd in a <search>, is it possible to get the (say for example) the 4th row of $result.Ccc$? According to Splunk, $result.Ccc$only retrieves the first row.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@morethanyell... It was this same constraint for which I had provided you the options in your previous question
You can use appendcol to add column from results of a subsearch to the existing columns of the main search and then display the results using Splunk's table visualization.
In the context of this question you would need to use Splunk JS stack to iterate through the search result to set a particular token: Refer to one of my older answers: https://answers.splunk.com/answers/618930/how-can-i-get-the-table-cell-colorization-renderin-1.html
This is a basic example of using SplunkJS stack to access search results where you can create a loop to iterate through result rows: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEU6
PS: Before you try to dive into SplunkJS do check out whether appendcols solves your need or not. For us to assist you better you should provide more details on what first query returns and around second query with new column and how it is correlated with first results to be displayed in the same table. Also any reason for using <html><panel> with <table>, instead of Splunk's <table> visualization?
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@morethanyell... It was this same constraint for which I had provided you the options in your previous question
You can use appendcol to add column from results of a subsearch to the existing columns of the main search and then display the results using Splunk's table visualization.
In the context of this question you would need to use Splunk JS stack to iterate through the search result to set a particular token: Refer to one of my older answers: https://answers.splunk.com/answers/618930/how-can-i-get-the-table-cell-colorization-renderin-1.html
This is a basic example of using SplunkJS stack to access search results where you can create a loop to iterate through result rows: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEU6
PS: Before you try to dive into SplunkJS do check out whether appendcols solves your need or not. For us to assist you better you should provide more details on what first query returns and around second query with new column and how it is correlated with first results to be displayed in the same table. Also any reason for using <html><panel> with <table>, instead of Splunk's <table> visualization?
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks @niketnilay please convert your comment to answer
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@morethanyell, I have converted to answer. In case you go the Splunk JS route, do let us know if you need further help 🙂
I do strongly feel appendcols seems a good fit for your use case!
| makeresults | eval message= "Happy Splunking!!!"
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
