Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

a pipeline added to the subsearch when creating a dashboard with drilldown and base searches

FAnalyst
Engager
‎11-10-2021 12:10 AM

I need help about this subsearch using pivot command 

Base search : | pivot  Traffic  All_Traffic FILTER  zone is "$form.srcZone$"

sub search: count(src_zone) AS src_zone_count SPLITROW zone AS zone TOP 100 count(zone) ROWSUMMARY 0 COLSUMMARY 0 SHOWOTHER 1 

the problem is that there is a pipeline added by splunk before the subsearch I wnat the subsearch to be  exectuted without the pipline 

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-10-2021 12:55 AM

By subsearch, do you mean a chained search e.g. a search in a panel that has a base defined referencing a base search defined elsewhere in the dashboard?

If so, there is no way to remove the pipe from the generated query. However, given that pivot is just a wrapper for stats and xyseries, can you not just refactor your search to deal with the table produced by the pivot command by using stats command and similar?

0 Karma
Reply

FAnalyst
Engager
‎11-10-2021 01:07 AM

hello thank you for answering 

here is the panel search when it gets excused when  I delete the pipeline added by splunk and run the search again the issue  will be resolved  

| pivot Traffic All_Traffic FILTER zone is "User  Zone" | count(zone) AS zone_count SPLITROW zone AS zone TOP 100 count(zone) ROWSUMMARY 0 COLSUMMARY 0 SHOWOTHER 1

 

I am taking this approach because I want to build a dashboard from a datamodel and I want it to be dynamic so the user can choose from the dirlldown the zone that the dashboard base search will take the user input and pass it to the panels searches that would give results for the zone chosen by the user 

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...