Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Pass Count from Multiple Panels to a Single Va...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mcg_connor
Path Finder
08-09-2019
11:26 AM
I'm trying to create a single value panel that shows the total count of results in panels on the dashboard. So say if Panel number 3 , 5 and 8 on the dashboard are showing results the single value panel at the top would say 3.
Thanks for any help!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
08-10-2019
06:15 AM
@mcg_connor ,
You may try with search event tokens.
Here is a run anywhere example
- Check each panels result count and if it's greater than 0 set the respective token to 1 , otherwise 0
- Run a dummy search and add(+) these token values for the single value panel
In case you want to show the total count of the results, you may set the token to $job.resultCount$
<dashboard> <label>Single Panal Values</label> <row> <panel> <table> <search> <query>index=_internal |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="first_panel_count">1</set> </condition> <condition> <set token="first_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> <panel> <table> <search> <query>index=_audit |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="second_panel_count">1</set> </condition> <condition> <set token="second_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> <panel> <table> <search> <query>index=_introspection |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="third_panel_count">1</set> </condition> <condition> <set token="third_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <single> <search> <query>|makeresults|eval result=$first_panel_count$+$second_panel_count$+$third_panel_count$</query> <earliest>-15m</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </single> </panel> </row> </dashboard>
Happy Splunking!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
08-16-2019
10:40 AM
Set a default value for panel_count of 0
then put a done clause in each panel with this in it <eval token="panel_count">$panel_count$ + 1</eval>.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
08-10-2019
06:15 AM
@mcg_connor ,
You may try with search event tokens.
Here is a run anywhere example
- Check each panels result count and if it's greater than 0 set the respective token to 1 , otherwise 0
- Run a dummy search and add(+) these token values for the single value panel
In case you want to show the total count of the results, you may set the token to $job.resultCount$
<dashboard> <label>Single Panal Values</label> <row> <panel> <table> <search> <query>index=_internal |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="first_panel_count">1</set> </condition> <condition> <set token="first_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> <panel> <table> <search> <query>index=_audit |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="second_panel_count">1</set> </condition> <condition> <set token="second_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> <panel> <table> <search> <query>index=_introspection |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="third_panel_count">1</set> </condition> <condition> <set token="third_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <single> <search> <query>|makeresults|eval result=$first_panel_count$+$second_panel_count$+$third_panel_count$</query> <earliest>-15m</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </single> </panel> </row> </dashboard>
Happy Splunking!
Get Updates on the Splunk Community!
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
Introducing the 2024 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
