Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you show a row count in a dashboard panel?

edwardrose
Contributor
‎10-02-2018 12:28 PM

Hello All

I am not sure how to show the row count in my dashboard.

I have one panel that searches a list of hosts for data and displays the indexes and source types. I have a second panel that shows hosts that are not reporting into Splunk and I would like to have the count listed at the top of the panel.

I did try to follow some instructions from others on answers.splunk.com, but the XML keeps giving me errors. Can someone please help me get it right?

thanks
ed

<form>
  <label>DMZ Host Data</label>
  <description>List of all DMZ Hosts and the data collected</description>
  <fieldset autoRun="false">
    <input type="dropdown" token="hostname">
      <label>Host Name</label>
      <fieldForLabel>hostname</fieldForLabel>
      <fieldForValue>hostname</fieldForValue>
      <search>
        <query>| inputlookup dmzhosts.csv 
| dedup hostname 
| search NOT hostname=*vip*
| sort hostname</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>All Indexes associated with Host</title>
      <table>
        <title>Indexes</title>
        <search>
          <query>index=* host=$hostname$* |stats values(index) as index values(sourcetype) as sourcetype values(source) as source</query>
          <earliest>-7d@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Missing DMZ Hosts</title>
      <table>
        <title>List of hosts in the DMZ that are not reporting in total</title>
        <search>
          <query>| inputlookup missing_dmzhosts.csv 
| search NOT host=*VIP*
| lookup dnslookup clienthost as host OUTPUT clientip as IP 
| join type=outer IP 
    [ inputlookup gennery_espinoza_assets.csv] 
| table host, IP, Director</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

493669
Super Champion
‎10-02-2018 09:48 PM

Try this:

<panel>
       <title>Missing DMZ Hosts</title>
       <table>
         <title>List of hosts in the DMZ that are not reporting in total $count$</title>
         <search>
           <query>| inputlookup missing_dmzhosts.csv 
 | search NOT host=*VIP*
 | lookup dnslookup clienthost as host OUTPUT clientip as IP 
 | join type=outer IP 
     [ inputlookup gennery_espinoza_assets.csv] 
 | table host, IP, Director</query>
           <earliest>-24h@h</earliest>
           <latest>now</latest>
           <progress>
                <set token="count">$job.resultCount$</set>
          </progress>
         </search>
         <option name="drilldown">none</option>
         <option name="refresh.display">progressbar</option>
       </table>
     </panel>

Here created token name-count and saved query result count in it.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

493669
Super Champion
‎10-02-2018 09:48 PM

Try this:

<panel>
       <title>Missing DMZ Hosts</title>
       <table>
         <title>List of hosts in the DMZ that are not reporting in total $count$</title>
         <search>
           <query>| inputlookup missing_dmzhosts.csv 
 | search NOT host=*VIP*
 | lookup dnslookup clienthost as host OUTPUT clientip as IP 
 | join type=outer IP 
     [ inputlookup gennery_espinoza_assets.csv] 
 | table host, IP, Director</query>
           <earliest>-24h@h</earliest>
           <latest>now</latest>
           <progress>
                <set token="count">$job.resultCount$</set>
          </progress>
         </search>
         <option name="drilldown">none</option>
         <option name="refresh.display">progressbar</option>
       </table>
     </panel>

Here created token name-count and saved query result count in it.

0 Karma
Reply
Solved! Jump to solution

edwardrose
Contributor
‎10-03-2018 09:26 AM

That works awesome. Thanks a lot

-ed

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...