Dashboards & Visualizations

How to create a dashboard where i can insert the result of one dashboard panel and add the result to another panel?

mrtolu6
Path Finder

I would like to create a dashboard where i can get the result from one panel (query 1) and insert the results into Panel 2 and 3. This dashboard should be in form format where type an IP address in a box, then add the the IP address to query 1. Query 1 results will then be inserted into query 2 and 3 which will display the result on each panel.

query 1 sourcetype=name app=http-proxy $token1$| stats count by src_ip
I would like to add the result from query 1 and insert the result to query 2 and 3.

query 2

index=name2 $tokenResultfromQuery1$   | rename user AS User clientip AS "Client IP Address" assigned_ip AS "Assigned IP Address" vpn AS VPN reason AS Reason |  table User "Client IP Address" "Assigned IP Address" Group VPN "Start Time" | sort-_time

query 3

sourcetype="WinEventLog:Security" $tokenResultfromQuery1$ | stats count by user, src_ip
0 Karma

lguinn2
Legend

You need a form, not a dashboard. You will also need a base search for the query and the post-process searches for the two panels. This will require editing the Simple XML. Here are the documentation references:

Build and Edit Forms: http://docs.splunk.com/Documentation/Splunk/6.6.2/Viz/Buildandeditforms

Post-process searches: http://docs.splunk.com/Documentation/Splunk/latest/Viz/Savedsearches#Post-process_searches

I think that the Splunk Dashboard Examples App may be more helpful than just the documentation...

There may be other ways to do this, but I think this is the most direct.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...