Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you show a row count in a dashboard panel?

edwardrose
Contributor
‎10-02-2018 12:28 PM

Hello All

I am not sure how to show the row count in my dashboard.

I have one panel that searches a list of hosts for data and displays the indexes and source types. I have a second panel that shows hosts that are not reporting into Splunk and I would like to have the count listed at the top of the panel.

I did try to follow some instructions from others on answers.splunk.com, but the XML keeps giving me errors. Can someone please help me get it right?

thanks
ed

<form>
  <label>DMZ Host Data</label>
  <description>List of all DMZ Hosts and the data collected</description>
  <fieldset autoRun="false">
    <input type="dropdown" token="hostname">
      <label>Host Name</label>
      <fieldForLabel>hostname</fieldForLabel>
      <fieldForValue>hostname</fieldForValue>
      <search>
        <query>| inputlookup dmzhosts.csv 
| dedup hostname 
| search NOT hostname=*vip*
| sort hostname</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>All Indexes associated with Host</title>
      <table>
        <title>Indexes</title>
        <search>
          <query>index=* host=$hostname$* |stats values(index) as index values(sourcetype) as sourcetype values(source) as source</query>
          <earliest>-7d@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Missing DMZ Hosts</title>
      <table>
        <title>List of hosts in the DMZ that are not reporting in total</title>
        <search>
          <query>| inputlookup missing_dmzhosts.csv 
| search NOT host=*VIP*
| lookup dnslookup clienthost as host OUTPUT clientip as IP 
| join type=outer IP 
    [ inputlookup gennery_espinoza_assets.csv] 
| table host, IP, Director</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

493669
Super Champion
‎10-02-2018 09:48 PM

Try this:

<panel>
       <title>Missing DMZ Hosts</title>
       <table>
         <title>List of hosts in the DMZ that are not reporting in total $count$</title>
         <search>
           <query>| inputlookup missing_dmzhosts.csv 
 | search NOT host=*VIP*
 | lookup dnslookup clienthost as host OUTPUT clientip as IP 
 | join type=outer IP 
     [ inputlookup gennery_espinoza_assets.csv] 
 | table host, IP, Director</query>
           <earliest>-24h@h</earliest>
           <latest>now</latest>
           <progress>
                <set token="count">$job.resultCount$</set>
          </progress>
         </search>
         <option name="drilldown">none</option>
         <option name="refresh.display">progressbar</option>
       </table>
     </panel>

Here created token name-count and saved query result count in it.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

493669
Super Champion
‎10-02-2018 09:48 PM

Try this:

<panel>
       <title>Missing DMZ Hosts</title>
       <table>
         <title>List of hosts in the DMZ that are not reporting in total $count$</title>
         <search>
           <query>| inputlookup missing_dmzhosts.csv 
 | search NOT host=*VIP*
 | lookup dnslookup clienthost as host OUTPUT clientip as IP 
 | join type=outer IP 
     [ inputlookup gennery_espinoza_assets.csv] 
 | table host, IP, Director</query>
           <earliest>-24h@h</earliest>
           <latest>now</latest>
           <progress>
                <set token="count">$job.resultCount$</set>
          </progress>
         </search>
         <option name="drilldown">none</option>
         <option name="refresh.display">progressbar</option>
       </table>
     </panel>

Here created token name-count and saved query result count in it.

0 Karma
Reply
Solved! Jump to solution

edwardrose
Contributor
‎10-03-2018 09:26 AM

That works awesome. Thanks a lot

-ed

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out &gt;&gt; As our brave ...