Dashboards & Visualizations

Limit the number of row in a multivalue column in a dashboard

BakaFon
Loves-to-Learn Everything

Hello,

I need to limit the number of value shown in a multivalue column in a dashboard. This was possible using advanced xml using this option:

<module name="SimpleResultsTable">                                                               
 <param name="allowTransformedFieldSelect">True</param>                                                               
 <param name="count">10</param>

But I fail to see how to do it in simple xml now that advanced xml is deprecated

it should look like something like this 

Screenshot 2022-02-07 145941.png

There is a way to do this using classic dashboard on newer version of splunk that no longer support advanced xml?

Labels (4)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @BakaFon,

you could insert in your stats command the distinct count of values for your field and, if it exceeds the limit display only the first two or three,

so if the field is dest_ip and you want to display only the first three, you could use something like this:

index=your_index
| stats values(ip_dest) AS ip_dest dc(ip_dest) AS dc_ip_dest By host
| eval ip_dest=if(dc_ip_dest>3,"More IP dest",ip_dest)

Ciao.

Giuseppe

0 Karma

BakaFon
Loves-to-Learn Everything

I forgot to mention that if I click on the more value it actually expand and show  them all so I can't use your solution because I won't be be to read all the values

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @BakaFon,

I implemented the feature you want, making on click a drilldown in another dashboard or in another panel where all the results are displayed.

You can do this passing the filter parameters of your search buit without the check on the number of multivalues.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...