Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

multiple search queries in one panel

luvukrishna
Engager
‎03-24-2017 01:39 AM

Can anyone help simplify attached XML to display result in one panel as described below

Current Result

3 panels
x Count
4

Y Count
5

z Count
15

Expecting to display as single table
X Count 4
Y Count 5
Z Count 15

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

View solution in original post

Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:37 AM

If you really don't want to fix the searches and just want those panels to be better "combined", you could remove the two sections in your code that look like 

</panel>
<panel>

from the two places in the middle of that chunk of code you took a screenshot of.

That won't quite fix it, but it'll be better and maybe that's all you need.

0 Karma
Reply
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

Reply
Solved! Jump to solution

luvukrishna
Engager
‎03-26-2017 08:05 PM

Thanks Rich,

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...