Splunk Search

How do you display multiple column headers on a table?

jenny_life
Path Finder

hello everyone

I'd like to display multiple column headers on the table like the below image.

I can create the table, but the problem is the column headers.

It doesn't matter what color they are.

I'd like to make just two rows as a column header. And, I'd like to make three groups on the first column header row.

Please refer to attached image.

I'm waiting for your information.

Thank you in advance.

alt text

ayush1906
Path Finder

+1

Tags (2)
0 Karma

ayush1906
Path Finder

Hello everyone, 

I tried doing the same, but unable to do so, can someone provide a guided approach.

@niketn @nplamondon @jkat54 

@to4kawa @martin_mueller 

0 Karma

jkat54
SplunkTrust
SplunkTrust

Why not label your columns A1,A2,A3,A4,B1,B2,B3&B4

if someone must have double column headers, show them excel 

ayush1906
Path Finder

in my case, there is a table with 25 columns, I have frozen the first two columns using CSS, and used legends color codes to distinguish data. But, as we keep on adding columns need to define a common group for them.

 

Let's Say for example :

column A1,B1,C1  denote geographic details.

column D1.E1,F1 denotes the stats for Income (mean, median,mode)

column G1,H1 depicts the population ( 5 years ago, present)

 

all these require a common header.

 

I am open to showing these headers as separate panels and link both the tables.

to4kawa
Ultra Champion

sample:

 

index=_internal sourcetype=splunkd*
| bin span=1h _time
| stats count by _time source sourcetype
| eval source_sourcetype=sourcetype.": ".source
| xyseries _time source_sourcetype count

 

Why don't you try xyseries ?

sample2:

| makeresults
| eval _raw=split("abcdefgh","")
| stats count by _raw
| streamstats count as session
| streamstats list(session) as count
| mvexpand count
| sort _raw - count
| stats list(count) as session by _raw
| fillnull a b c d e f g h
| eval tmp=split("abcdefgh","")
| foreach a b c d e f g h [ eval <<FIELD>> = mvindex(session, mvfind(tmp,"<<FIELD>>"))]
| fields - _raw tmp session

How else was I going to calculate the rest?

0 Karma

ayush1906
Path Finder

ayush1906_0-1591960351694.png

 

My table cannot have big headers, that's why I didn't use xyseries.

Colors, for now, are doing the work of distinguishing 

Moreover, I was thinking of adding another bar on top, but splunk's internal js and css are not allowing my table to go beyond 100% of the page, hence I cannot expand my other table to cover all the columns.

 

Total Columns as of now 25. out of which Market and the market unit is frozen.

niketn
Legend

When you want to Group Columns in a table together, do you have fixed no. of fields for each group? If not what is the logic for grouping? Can the logic be handled in code (SPL or JS)?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

bnikhil0584
Explorer

Hi @niketn 

I'm also looking for the similar requirement like in the below screenshot, I've to show counts for total and escalations. Please let me know if it is possible in Splunk with header and a sub-header. TIA

 

bnikhil0584_0-1616791300353.png

 

0 Karma

jkat54
SplunkTrust
SplunkTrust

I like the colors approach!

0 Karma

muguniya
Explorer

Hi,

This may help you, add row on top of the actual resultset row in your dashboard and span into 3 columns

  • <row><html><div><span>Group1</span>Group2<span>Group3</span><span></span></div></html></row>

Use html width property to span your Group1,2,3

Thanks,
Mugunth

0 Karma

DEAD_BEEF
Builder

I am pretty sure this is not possible in splunk. You can try looking on splunkbase to see if someone has made a table app that can do something like that, but I don't believe that is do-able out of the box.

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...