Solved: Re: Need to add Additional panel with total?

renuka · ‎06-01-2021

Hello

"Good Day"

I am trying to add the extra column for totals. If you observe above picture, I have four counts of domain and now i need one more column which gives sum of all the above columns and it should be seen in dashboard

I need to get output of field domain in this form
Can you please help me to find the solutions.

gcusello · ‎06-02-2021

Hi @renuka,

You have to create a Post Process Search containing your full search (without addcoltotals).

e.g.:

...
| stats count BY CRS_Domain

and in each panel call the base search adding an additional search filtering in each panel put a final filter, e.g. if your base search is called "basesearch", in the "V&V" panel you'll have:

<search base="basesearch">
     <query>
          | search CRS_Domain="V&V"
          | table count
     </query>
</search>

instead in the last panle (total), you have to add:

<search base="basesearch">
     <query>
          | addcoltotals labelfield=CRS_Domain label="Total"
          | search sourcetype=Total
          | table count
     </query>
</search>

If you want to better understand how Post process Search works see at https://docs.splunk.com/Documentation/Splunk/8.2.0/Viz/Savedsearches#Post-process_searches_2 or see the Splunk Dashboard Examples App (https://splunkbase.splunk.com/app/1603/).

Ciao.

Giuseppe

View solution in original post

gcusello · ‎06-01-2021

Hi @renuka,

the searches of the panels, are similar or all different?

because it isn't possible to pass a token from a panel to another without drilldown,

so in the total panel you have to use a search that gives all the values to sum.

So if they are similar, you could create a post process search and put in each panel the value.

Ciao.

Giuseppe

renuka · ‎06-02-2021

@gcusello
They are similar

I tried adding addcoltotals which actually giving me the sum of all the above but in visualizaton i couldn't display all four value count and total

gcusello · ‎06-02-2021

Hi @renuka,

You have to create a Post Process Search containing your full search (without addcoltotals).

e.g.:

...
| stats count BY CRS_Domain

and in each panel call the base search adding an additional search filtering in each panel put a final filter, e.g. if your base search is called "basesearch", in the "V&V" panel you'll have:

<search base="basesearch">
     <query>
          | search CRS_Domain="V&V"
          | table count
     </query>
</search>

instead in the last panle (total), you have to add:

<search base="basesearch">
     <query>
          | addcoltotals labelfield=CRS_Domain label="Total"
          | search sourcetype=Total
          | table count
     </query>
</search>

If you want to better understand how Post process Search works see at https://docs.splunk.com/Documentation/Splunk/8.2.0/Viz/Savedsearches#Post-process_searches_2 or see the Splunk Dashboard Examples App (https://splunkbase.splunk.com/app/1603/).

Ciao.

Giuseppe

renuka · ‎06-02-2021

@gcusello

Thank you for helping

gcusello · ‎06-02-2021

Hi @renuka,

good for you, see next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

Need to add Additional panel with total?

stats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!