Re: dashboard studio column formatting array

Skins · ‎02-13-2023

I'm looking to add some column formatting to some table in dashboard studio - but the option is greyed out saying the column is an array, why is this ? and can i re-factor my search to make it work?

index=test AND host="test" sourcetype=test
| stats latest(state) latest(status) by host name state status
| stats list(name) as NAME list(state) as STATE list(status) as STATUS by hos

Skins · ‎02-14-2023

Thanks!, but the last stats command presents the data in list format as i want.
if i remove that it doesnt give the desired output?

ITWhisperer · ‎02-14-2023

You could use mvjoin to convert the multivalue fields into single fields - does that help?

Skins · ‎02-14-2023

nope that removes the list formatting - desired output looks like this:

host NAME STATE STATUS

host

Disk 0

Disk 1

Disk 2

Disk 3

Disk 4

Online

Up

ITWhisperer · ‎02-13-2023

The stats command is creating three multivalue fileds (arrays) - these appear to be superfluous as the previous stats command has already created a set of events with exactly the same information in. Try removing the last stats command.

Why is dashboard studio column formatting array?

Dashboard Studio

Index This | How many sides does a circle have?

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?