- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: makeresult Work in normal Search app but not i...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
makeresult Work in normal Search app but not in my Dashboard
Hello,
i want to build a dashboard with different panels to Analyse some Alarms.
At the Top i have 2 Input fields field1(text input) and field2(dropdown for status)
I want to habe a panel or an hidden query where i build with | makeresult some Values and write them into my index. Like an Kommentary Funktion for Analysis.
My Problem is now that if i use this query in normal Search app:
| makeresults
| eval event_hash=123
| eval kommentar=abc
| eval wann = now()
| table event_hast kommentar wann
it works perfectly....
But if im going to Save this as a dashboard Panel and look at my Dashboard, it say that no Results get Reflected.
Anyone know This issue?
Thanks for your Help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As I suspected, you saved it with the Events visualization instead of the Statistics. Change this:
<event>
...
</event>
To this:
<table>
...
</table>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your Time
This is the Part from my Dashboard, if you need more Tell me
My Dashboard:
<form>
<label>Analyse Dashboard</label>
<fieldset submitButton="true" autoRun="false">
<input type="text" token="analyse_result" searchWhenChanged="true">
<label>Analyse Ergebnis</label>
</input>
<input type="dropdown" token="alarm_status">
<label>Alarm Status ändern</label>
<choice value="Open">Offen</choice>
<choice value="Work">In Arbeit</choice>
<choice value="Closed">Geschlossen</choice>
</input>
</fieldset>
<row>
<panel>
<event>
<search>
<query>| makeresults
| eval event_hash=123
| eval alarm_phase = "Open"
| eval wann = now()
| eval kommentar="bla"
| table event_hash alarm_phase wann kommentar</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="list.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Post your dashboard XML so we can all play.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your Time
This is the Part from my Dashboard, if you need more Tell me
My Dashboard:
Analyse Dashboard
<input type="text" token="analyse_result" searchWhenChanged="true">
<label>Analyse Ergebnis</label>
</input>
<input type="dropdown" token="alarm_status">
<label>Alarm Status ändern</label>
<choice value="Open">Offen</choice>
<choice value="Work">In Arbeit</choice>
<choice value="Closed">Geschlossen</choice>
</input>
<panel>
<event>
<search>
<query>| makeresults
| eval event_hash=123
| eval alarm_phase = "Open"
| eval wann = now()
| eval kommentar="bla"
| table event_hash alarm_phase wann kommentar
<earliest>0</earliest>
<latest></latest>
</search>
<option name="list.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</event>
</panel>
Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey
Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...
Monitoring Amazon Elastic Kubernetes Service (EKS)
