Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to display number of search results as single value?

SimonSchoppel
Explorer
‎09-09-2022 01:15 AM

I want to display the number of sent data in certain time in the dashboard. I think the best way is with "Single Value".
How can I display the number of search results of a search in the dashboard?

For example my search ("message.additionalInfo.attributes.properties.receiver-market-partner-id"=12345678) finds 1500 events. How can I display the 1500 in the dashboard as a single value?

Thanks a lot!

Translated with www.DeepL.com/Translator (free version)

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎09-09-2022 01:31 AM

Hi @SimonSchoppel,

you have to create a search with a "stats count" statement  at the end, something like this:

<your_search>
| stats count

In this way, you have as result a single number to display in a Single Value panel.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎09-09-2022 01:31 AM

Hi @SimonSchoppel,

you have to create a search with a "stats count" statement  at the end, something like this:

<your_search>
| stats count

In this way, you have as result a single number to display in a Single Value panel.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

SimonSchoppel
Explorer
‎09-09-2022 02:31 AM

Thank you!!

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎09-09-2022 02:33 AM

Hi @SimonSchoppel,

good for you, see next time!

Please accept one answer for the other people of Community

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...