Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

multiple search queries in one panel

luvukrishna
Engager
‎03-24-2017 01:39 AM

Can anyone help simplify attached XML to display result in one panel as described below

Current Result

3 panels
x Count
4

Y Count
5

z Count
15

Expecting to display as single table
X Count 4
Y Count 5
Z Count 15

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

View solution in original post

Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:37 AM

If you really don't want to fix the searches and just want those panels to be better "combined", you could remove the two sections in your code that look like 

</panel>
<panel>

from the two places in the middle of that chunk of code you took a screenshot of.

That won't quite fix it, but it'll be better and maybe that's all you need.

0 Karma
Reply
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎03-24-2017 07:28 AM

I think you are getting ahead of yourself a bit - as I read it from your description, the problem has nothing to do with panels and everything to do with the search. So, let's work on that.

Try a search like

service="xxxx" method="xx" types="x" | stats count | eval "Count Type"="X Count"
| append
    [ search service="yyyy" <other y stuff> | stats count | eval "Count Type"="Y Count"]
| append
    [ search service="zzzz" <other z stuff> | stats count | eval "Count Type"="Z Count"]
| table "Count Type", count

See if those results are what you'd like to have on the dashboard panel. If they are, then add them. 🙂 If they are not, please be sure to comment back (using the code button to paste in code!) with exactly what is or is not working with it and we'll be glad to help more!

Happy Splunking,
Rich

Reply
Solved! Jump to solution

luvukrishna
Engager
‎03-26-2017 08:05 PM

Thanks Rich,

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...