How do I display default field in apps panel

jangid · ‎08-15-2012

How do I display default field in my apps panel?

I want to display host, source, sourcetype in my custom panel that will display events.
here is the XML

  <form>
      <label>TAFC INI</label>
        <fieldset autoRun="true">
            <input type="time" searchWhenChanged="true">
                <default>All time</default>
            </input>
        </fieldset>  
      <row>
        <event>
          <searchName>my_ini</searchName>
          <title>ini Configuration</title>
        </event>
      </row>
    </form>

I want to display these below the event listing similar to default search app event listing

myeventlisting
host=myhost | sourcetype=mysrctype | Source=mysource

jangid · ‎10-09-2012

Is there any way to display these field at the bottom of the event listing?

myeventlisting
host=myhost | sourcetype=mysrctype | Source=mysource

Drainy · ‎08-16-2012

Simple, just make sure you | table host,source,sourcetype in your search and then use the table xml to display it as per;

http://docs.splunk.com/Documentation/Splunk/latest/Developer/PanelReference#Table_panel

Edit: Also, whilst its great to ask questions when you're stuck. For basic beginner things like these you should really sit down and read the docs. They have some great explanations and walk-throughs. When you get stuck after that then come back with a more detailed question 🙂

jangid · ‎10-09-2012

Is there any way to display these field at the bottom of the event listing?

myeventlisting
host=myhost | sourcetype=mysrctype | Source=mysource

How do I display default field in apps panel

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes