Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to achieve dashboard filter on a tabular panel without the visibility of that filter column?

Vish
Explorer
‎04-25-2023 04:25 AM

So I have a tabular chart as below with component, basket and ageing for 1 to 10 days.

So basically i am finding out the ageing of each component and also a basket filter to filter out the component based on different basket.

But i don't want the basket column to be in my tabular chart like if u can see the last 2 rows are of same component but different basket now i want a single row of each component and i will add a filter using the basket column and it has to filter out according but my below tabular chart should be change to a tabular chart having only component column and age column (and only one row for each component).

Vish_0-1682421585367.png

So is it possible to do it. If yes, please help out.

 

Labels (1)
Labels
0 Karma
Reply

seemanshu
Path Finder
‎04-25-2023 10:50 PM

Hi @Vish ,
Thanks for the update.
As per the recent requirement, if the rows with similar COMPONENT are required to be combined in a single row, then one of the following options could be used,

  • if the BASKET is required in the final result, then use the following search,

 

index=<index_name> sourcetype=<sourcetype_name>
| table COMPONENT, BASKET, AGE
| search BASKET=$tok_basket$
| stats values(AGE) as AGE, values(BASKET) as BAKSET by COMPONENT
  • if BASKET is NOT required in the final results, then use the following search,
index=<index_name> sourcetype=<sourcetype_name>
| table COMPONENT, BASKET, AGE
| search BASKET=$tok_basket$
| stats values(AGE) as AGE by COMPONENT

Here, the filter $tok_basket$ passes the BASKET number as the user selects and filters out the results.

Kindly support the answer if found helpful.

0 Karma
Reply

Vish
Explorer
‎04-26-2023 09:01 PM

The solution gave a partial answer, my components got combined but in my ageing column data is missing

this output should be these combination

Vish_1-1682568385665.png

 



but i have got this

Vish_0-1682568323595.png

few values are reversed also like the values of age of basket 3 is exhanged with basket 4

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎04-25-2023 10:38 PM

@Vish - Your query would be something like this to achieve it.

..... <your original search> ....
| search BASKET=$tok_basket$
| stats values(AGE) as AGE by COMPONENT

 

  • Here in this query, $tok_basket$ is filtering the results as you asked.
  • And then | stats ... by COMPONENT as you asked to get only one line instead of multiple lines.

 

Kindly upvote if you found it helpful!!!

0 Karma
Reply

seemanshu
Path Finder
‎04-25-2023 04:59 AM

Hi @Vish ,
As per the requested query,
the following search could be used,

index=<index_name> sourcetype=<sourcetype_name>
| table COMPONENT, BASKET, AGE
| search BASKET=$tok_basket$
| fields - BASKET

Here, the filter $tok_basket$ passes the BASKET number as the user selects and filters out the results.

Kindly support the answer if found helpful.

0 Karma
Reply

Vish
Explorer
‎04-25-2023 09:15 PM

@seemanshu  This is valid if the Basket has to be removed from output but i want the rows to be combined as a single row, like the last 2 rows of my below picture as to be a single row

0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...