Solved: How to show two search results in one dashboard pa...

muthvin · ‎01-15-2016

HI all
I have two search which yield the table like this below:

Module1 Module2

Name1 1.2 2.2
Name2 1.5 3.2
Name3 1.6 4.2
Name4 1.2 5.2
Name5 1.5 6.2
Name6 1.6 7.2

My queries are like: index=_internal module="module1" | stats count by sourcetype and
index=_internal module="module2" | stats count by sourcetype

I want to merge these queries and create a dashboard panel to yield results as in table and line graph with two lines in it.
It will be great if someone help me here!

Thanks.

jluo_splunk · ‎01-15-2016

Hi muthvin, try this:

index=_internal module="module1" OR module="module2" | chart count over module by sourcetype

View solution in original post

jluo_splunk · ‎01-15-2016

Hi muthvin, try this:

index=_internal module="module1" OR module="module2" | chart count over module by sourcetype

somesoni2 · ‎01-15-2016

I guess the chart command should say this to get sourcetype as rows and module as columns

... | chart count over sourcetype by module

muthvin · ‎01-15-2016

Thanks guys in my case i reverted module by sourcetype and that solves my problem..

How to show two search results in one dashboard panel

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup