Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

multiple search queries in one panel

luvukrishna
Engager
‎03-24-2017 01:39 AM

Can anyone help simplify attached XML to display result in one panel as described below

Current Result

3 panels
x Count
4

Y Count
5

z Count
15

Expecting to display as single table
X Count 4
Y Count 5
Z Count 15

Preview file
151 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

View solution in original post

Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:37 AM

If you really don't want to fix the searches and just want those panels to be better "combined", you could remove the two sections in your code that look like 

</panel>
<panel>

from the two places in the middle of that chunk of code you took a screenshot of.

That won't quite fix it, but it'll be better and maybe that's all you need.

0 Karma
Reply
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

Reply
Solved! Jump to solution

luvukrishna
Engager
‎03-26-2017 08:05 PM

Thanks Rich,

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...