Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you show a row count in a dashboard panel?

edwardrose
Contributor
‎10-02-2018 12:28 PM

Hello All

I am not sure how to show the row count in my dashboard.

I have one panel that searches a list of hosts for data and displays the indexes and source types. I have a second panel that shows hosts that are not reporting into Splunk and I would like to have the count listed at the top of the panel.

I did try to follow some instructions from others on answers.splunk.com, but the XML keeps giving me errors. Can someone please help me get it right?

thanks
ed

<form>
  <label>DMZ Host Data</label>
  <description>List of all DMZ Hosts and the data collected</description>
  <fieldset autoRun="false">
    <input type="dropdown" token="hostname">
      <label>Host Name</label>
      <fieldForLabel>hostname</fieldForLabel>
      <fieldForValue>hostname</fieldForValue>
      <search>
        <query>| inputlookup dmzhosts.csv 
| dedup hostname 
| search NOT hostname=*vip*
| sort hostname</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>All Indexes associated with Host</title>
      <table>
        <title>Indexes</title>
        <search>
          <query>index=* host=$hostname$* |stats values(index) as index values(sourcetype) as sourcetype values(source) as source</query>
          <earliest>-7d@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Missing DMZ Hosts</title>
      <table>
        <title>List of hosts in the DMZ that are not reporting in total</title>
        <search>
          <query>| inputlookup missing_dmzhosts.csv 
| search NOT host=*VIP*
| lookup dnslookup clienthost as host OUTPUT clientip as IP 
| join type=outer IP 
    [ inputlookup gennery_espinoza_assets.csv] 
| table host, IP, Director</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

493669
Super Champion
‎10-02-2018 09:48 PM

Try this:

<panel>
       <title>Missing DMZ Hosts</title>
       <table>
         <title>List of hosts in the DMZ that are not reporting in total $count$</title>
         <search>
           <query>| inputlookup missing_dmzhosts.csv 
 | search NOT host=*VIP*
 | lookup dnslookup clienthost as host OUTPUT clientip as IP 
 | join type=outer IP 
     [ inputlookup gennery_espinoza_assets.csv] 
 | table host, IP, Director</query>
           <earliest>-24h@h</earliest>
           <latest>now</latest>
           <progress>
                <set token="count">$job.resultCount$</set>
          </progress>
         </search>
         <option name="drilldown">none</option>
         <option name="refresh.display">progressbar</option>
       </table>
     </panel>

Here created token name-count and saved query result count in it.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

493669
Super Champion
‎10-02-2018 09:48 PM

Try this:

<panel>
       <title>Missing DMZ Hosts</title>
       <table>
         <title>List of hosts in the DMZ that are not reporting in total $count$</title>
         <search>
           <query>| inputlookup missing_dmzhosts.csv 
 | search NOT host=*VIP*
 | lookup dnslookup clienthost as host OUTPUT clientip as IP 
 | join type=outer IP 
     [ inputlookup gennery_espinoza_assets.csv] 
 | table host, IP, Director</query>
           <earliest>-24h@h</earliest>
           <latest>now</latest>
           <progress>
                <set token="count">$job.resultCount$</set>
          </progress>
         </search>
         <option name="drilldown">none</option>
         <option name="refresh.display">progressbar</option>
       </table>
     </panel>

Here created token name-count and saved query result count in it.

0 Karma
Reply
Solved! Jump to solution

edwardrose
Contributor
‎10-03-2018 09:26 AM

That works awesome. Thanks a lot

-ed

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...