Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

multiple search queries in one panel

luvukrishna
Engager
‎03-24-2017 01:39 AM

Can anyone help simplify attached XML to display result in one panel as described below

Current Result

3 panels
x Count
4

Y Count
5

z Count
15

Expecting to display as single table
X Count 4
Y Count 5
Z Count 15

Preview file
151 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

View solution in original post

Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:37 AM

If you really don't want to fix the searches and just want those panels to be better "combined", you could remove the two sections in your code that look like 

</panel>
<panel>

from the two places in the middle of that chunk of code you took a screenshot of.

That won't quite fix it, but it'll be better and maybe that's all you need.

0 Karma
Reply
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

Reply
Solved! Jump to solution

luvukrishna
Engager
‎03-26-2017 08:05 PM

Thanks Rich,

0 Karma
Reply
Get Updates on the Splunk Community!

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...