Dashboards & Visualizations

Is it possible to get the value of a specific row of the $result.$?

morethanyell
Builder

Given that we have index=foo sourcetype=bar | table Aaa Bbb Ccc Ddd in a <search>, is it possible to get the (say for example) the 4th row of $result.Ccc$? According to Splunk, $result.Ccc$only retrieves the first row.

1 Solution

niketn
Legend

@morethanyell... It was this same constraint for which I had provided you the options in your previous question

You can use appendcol to add column from results of a subsearch to the existing columns of the main search and then display the results using Splunk's table visualization.

In the context of this question you would need to use Splunk JS stack to iterate through the search result to set a particular token: Refer to one of my older answers: https://answers.splunk.com/answers/618930/how-can-i-get-the-table-cell-colorization-renderin-1.html

This is a basic example of using SplunkJS stack to access search results where you can create a loop to iterate through result rows: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEU6

PS: Before you try to dive into SplunkJS do check out whether appendcols solves your need or not. For us to assist you better you should provide more details on what first query returns and around second query with new column and how it is correlated with first results to be displayed in the same table. Also any reason for using <html><panel> with <table>, instead of Splunk's <table> visualization?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma

niketn
Legend

@morethanyell... It was this same constraint for which I had provided you the options in your previous question

You can use appendcol to add column from results of a subsearch to the existing columns of the main search and then display the results using Splunk's table visualization.

In the context of this question you would need to use Splunk JS stack to iterate through the search result to set a particular token: Refer to one of my older answers: https://answers.splunk.com/answers/618930/how-can-i-get-the-table-cell-colorization-renderin-1.html

This is a basic example of using SplunkJS stack to access search results where you can create a loop to iterate through result rows: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEU6

PS: Before you try to dive into SplunkJS do check out whether appendcols solves your need or not. For us to assist you better you should provide more details on what first query returns and around second query with new column and how it is correlated with first results to be displayed in the same table. Also any reason for using <html><panel> with <table>, instead of Splunk's <table> visualization?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

morethanyell
Builder

thanks @niketnilay please convert your comment to answer

0 Karma

niketn
Legend

@morethanyell, I have converted to answer. In case you go the Splunk JS route, do let us know if you need further help 🙂

I do strongly feel appendcols seems a good fit for your use case!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...