I need to create a dynamic dashboard with both individual view and cumulative view for the below requirement
Need to consolidate the API list name with its result and its time
API_Name | Scheduler Run results Date/Time Fail Pass
Assest API | Pass | 04/14/2017 11.30 AM | 0| 1
Membership API | Pass | 04/14/2017 11.30 AM | 0 |1
Plan sponsor API | Pass | 04/14/2017 11.30 AM |0 |1
Assest API | Fail | 04/14/2017 12.00 PM |1 |0
Membership API | Fail | 04/14/2017 12.00 PM |1| 0
Plan sponsor API | Pass| 04/14/2017 12.00 PM |0| 1
Assest API | Pass| 04/14/2017 12.30 PM |0|1
Membership API | Fail | 04/14/2017 12.30 PM| 1 |0
Plan sponsor API Fail 04/14/2017 12.30 PM 1 0
And also suggest which chart will be best to view this result in splunk dashboard
There's probably a more elegant way, but in the past I've appended data summarized the way I want:, e.g.
| your search here
| append [ search your search again
| stats sum(Fail) as Fail sum(Pass) as Pass by API_Name]
The addtotals command will give you overall totals, you could do it as part of the base search or the append.
Hope that helps!