Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Pass Count from Multiple Panels to a Single Value ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mcg_connor
Path Finder
08-09-2019
11:26 AM
I'm trying to create a single value panel that shows the total count of results in panels on the dashboard. So say if Panel number 3 , 5 and 8 on the dashboard are showing results the single value panel at the top would say 3.
Thanks for any help!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
08-10-2019
06:15 AM
@mcg_connor ,
You may try with search event tokens.
Here is a run anywhere example
- Check each panels result count and if it's greater than 0 set the respective token to 1 , otherwise 0
- Run a dummy search and add(+) these token values for the single value panel
In case you want to show the total count of the results, you may set the token to $job.resultCount$
<dashboard> <label>Single Panal Values</label> <row> <panel> <table> <search> <query>index=_internal |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="first_panel_count">1</set> </condition> <condition> <set token="first_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> <panel> <table> <search> <query>index=_audit |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="second_panel_count">1</set> </condition> <condition> <set token="second_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> <panel> <table> <search> <query>index=_introspection |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="third_panel_count">1</set> </condition> <condition> <set token="third_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <single> <search> <query>|makeresults|eval result=$first_panel_count$+$second_panel_count$+$third_panel_count$</query> <earliest>-15m</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </single> </panel> </row> </dashboard>
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
08-16-2019
10:40 AM
Set a default value for panel_count of 0
then put a done clause in each panel with this in it <eval token="panel_count">$panel_count$ + 1</eval>.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
08-10-2019
06:15 AM
@mcg_connor ,
You may try with search event tokens.
Here is a run anywhere example
- Check each panels result count and if it's greater than 0 set the respective token to 1 , otherwise 0
- Run a dummy search and add(+) these token values for the single value panel
In case you want to show the total count of the results, you may set the token to $job.resultCount$
<dashboard> <label>Single Panal Values</label> <row> <panel> <table> <search> <query>index=_internal |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="first_panel_count">1</set> </condition> <condition> <set token="first_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> <panel> <table> <search> <query>index=_audit |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="second_panel_count">1</set> </condition> <condition> <set token="second_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> <panel> <table> <search> <query>index=_introspection |stats count by sourcetype</query> <earliest>-15m</earliest> <latest>now</latest> <done> <condition match="'job.resultCount' > 0"> <set token="third_panel_count">1</set> </condition> <condition> <set token="third_panel_count">0</set> </condition> </done> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <single> <search> <query>|makeresults|eval result=$first_panel_count$+$second_panel_count$+$third_panel_count$</query> <earliest>-15m</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </single> </panel> </row> </dashboard>
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
Get Updates on the Splunk Community!
Index This | Why did the turkey cross the road?
November 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Feel the Splunk Love: Real Stories from Real Customers
Hello Splunk Community,
What’s the best part of hearing how our customers use Splunk? Easy: the positive ...
