- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: show all panels output to single panel in a da...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Splunkers,
I have 6 panels in my dashboard and all the panels have different underlying query but the output fields in the panel stats table are same and the results in all the panels look like the below sample table.
I want to club all the results into a single panel/table at the end.So i just want to display one panel which contains the results from all the other panels.
Thank you.
user action time object group difference modifier
zbc xyz 10-Sep hddh dj-dhdh 6 jhyy
dhdh cnnc 10-Sep fhfhf jjj-ggg 8 gg
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I assume that you just want one final table in your dashboard and not 6 sub-tables plus one final. Nevertheless, the approach to solve this question is the same. What I suggest is to cascade the searches:
<dashboard>
<label>Test Dashboard</label>
<search id="result1">
<query>
| makeresults | eval user="zbc" | eval action="xyz" | eval time="10-Sep" | eval object="hddh" | eval difference="1"
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<search id="result2" base="result1">
<query>
|append [ | makeresults | eval user="zyy" | eval action="Qyz" | eval time="11-Sep" | eval object="hddh" | eval difference="2" ]
</query>
</search>
<search id="result3" base="result2">
<query>
|append [ | makeresults | eval user="zyty" | eval action="QQyz" | eval time="12-Sep" | eval object="hddh" | eval difference="3" ]
</query>
</search>
<row>
<panel>
<table>
<title>Result Table</title>
<search base="result3">
<query>|table *</query>
</search>
</table>
</panel>
</row>
</dashboard>
This executes the searches sequentially and appends the results
Hope it helps
Oliver
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do it like this:
Your Search Here with all stuff combined
| multireport
[ stats some stuff here]
...
[ stats other stuff here]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi woodcock, do you refer to multisearch?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I assume that you just want one final table in your dashboard and not 6 sub-tables plus one final. Nevertheless, the approach to solve this question is the same. What I suggest is to cascade the searches:
<dashboard>
<label>Test Dashboard</label>
<search id="result1">
<query>
| makeresults | eval user="zbc" | eval action="xyz" | eval time="10-Sep" | eval object="hddh" | eval difference="1"
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<search id="result2" base="result1">
<query>
|append [ | makeresults | eval user="zyy" | eval action="Qyz" | eval time="11-Sep" | eval object="hddh" | eval difference="2" ]
</query>
</search>
<search id="result3" base="result2">
<query>
|append [ | makeresults | eval user="zyty" | eval action="QQyz" | eval time="12-Sep" | eval object="hddh" | eval difference="3" ]
</query>
</search>
<row>
<panel>
<table>
<title>Result Table</title>
<search base="result3">
<query>|table *</query>
</search>
</table>
</panel>
</row>
</dashboard>
This executes the searches sequentially and appends the results
Hope it helps
Oliver
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried but not able to see any results being generated.Can you please provide sample run anywhere code .Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please create an empty dashboard, edit source and paste the code that I've inserted above.
Oliver
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the update, but the export option for the result table panel is disabled .How to make that enable and download the CSV file
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is a known bug when using the base search feature. Please take a look at the "base-search" feature documentation. You can always press the "open in search". Once you have opened it in a new search window, you can export to csv. Alternatively, you could use the outputcsv command: https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Outputcsv
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@kranthimutyala could you add more details as to why you have six different panels for similar results? What is the difference between each of the 6 different panels?
Also for the community to assist you better if you can provide your current SPL and sample data output for each of the six panels that would be great.
Please mock/anonymize any sensitive information before posting on Splunk Answers.
| makeresults | eval message= "Happy Splunking!!!"
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
