Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

multiple search queries in one panel

luvukrishna
Engager
‎03-24-2017 01:39 AM

Can anyone help simplify attached XML to display result in one panel as described below

Current Result

3 panels
x Count
4

Y Count
5

z Count
15

Expecting to display as single table
X Count 4
Y Count 5
Z Count 15

sample.jpg
Preview file
151 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

View solution in original post

Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:37 AM

If you really don't want to fix the searches and just want those panels to be better "combined", you could remove the two sections in your code that look like 

</panel>
<panel>

from the two places in the middle of that chunk of code you took a screenshot of.

That won't quite fix it, but it'll be better and maybe that's all you need.

0 Karma
Reply
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

Reply
Solved! Jump to solution

luvukrishna
Engager
‎03-26-2017 08:05 PM

Thanks Rich,

0 Karma
Reply
Get Updates on the Splunk Community!

Transforming Financial Data into Fraud Intelligence

Every day, banks and financial companies handle millions of transactions, logins, and customer interactions ...

How to send events & findings from AWS to Splunk using Amazon EventBridge

Amazon EventBridge is a serverless service that uses events to connect application components together, making ...

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...
Top