Hi,
I have a search like this:
sourcetype=syslog AND host="xxx.xxx.xxx.xxx" AND mpkg | stats count by username, operation | sort count
This gives me a nice graph, which I've added to a Dashboard:
However, I would love to get a total count of the Downloads operation be displayed inside the graph, like a Legend of sorts, which will show total downloads were e.g. "157 events" (the count of matches as displayed by the Search view).
How can I do that?
Thanks,
Virgil
If you're using Splunk 6.3+ version, they try something like this (see the token setting in <done>
tag and usage in panel title)
<form>
......
<row>
<panel>
<table>
<title>Total Results: $resultcount$</title>
<search>
<query>sourcetype=syslog AND host="xxx.xxx.xxx.xxx" AND mpkg | stats count by username, operation | sort count</query>
<earliest>-15m</earliest>
<latest>now</latest>
<done>
<eval token="resultcount">$job.resultCount$</eval>
</done>
</search>
........
</table>
</panel>
</row>
.......
</form>
If you're using Splunk 6.3+ version, they try something like this (see the token setting in <done>
tag and usage in panel title)
<form>
......
<row>
<panel>
<table>
<title>Total Results: $resultcount$</title>
<search>
<query>sourcetype=syslog AND host="xxx.xxx.xxx.xxx" AND mpkg | stats count by username, operation | sort count</query>
<earliest>-15m</earliest>
<latest>now</latest>
<done>
<eval token="resultcount">$job.resultCount$</eval>
</done>
</search>
........
</table>
</panel>
</row>
.......
</form>
This idea worked for me, thanks somesoni2