I have to show results like below in a dashboard.
For example:
1) first table shows all the sales orders, as of now system has two sales order
2) then I need to show below the sales order table, something like:
Details of sales order 1001
.....
.....
....
Details of Sales order 1002
.....
.....
....
Can someone please explain how can I show this?
Thank you In advance
If you need two tables, please try to use two panels. One panel should give you all the sales orders with a query like:
index=yourIndex sourcetype=yourSourcetype | stats dc(salesOrderNameField) as "Total Sales Orders"
Then for the details of sales order, please check what all fields are available and then table them in a new panel with a query
index=yourIndex sourcetype=yourSourcetype |dedup salesOrderNameField| table salesOrderNameField, salesOrderDateField, and so on
if the details of the sales orders are on a separate table, you can do something like
base search for sales orders|append [search for details of sales orders]|sort salesOrderId
http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Append