Dashboards & Visualizations

Is it possible to get the value of a specific row of the $result.$?

morethanyell
Builder

Given that we have index=foo sourcetype=bar | table Aaa Bbb Ccc Ddd in a <search>, is it possible to get the (say for example) the 4th row of $result.Ccc$? According to Splunk, $result.Ccc$only retrieves the first row.

1 Solution

niketn
Legend

@morethanyell... It was this same constraint for which I had provided you the options in your previous question

You can use appendcol to add column from results of a subsearch to the existing columns of the main search and then display the results using Splunk's table visualization.

In the context of this question you would need to use Splunk JS stack to iterate through the search result to set a particular token: Refer to one of my older answers: https://answers.splunk.com/answers/618930/how-can-i-get-the-table-cell-colorization-renderin-1.html

This is a basic example of using SplunkJS stack to access search results where you can create a loop to iterate through result rows: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEU6

PS: Before you try to dive into SplunkJS do check out whether appendcols solves your need or not. For us to assist you better you should provide more details on what first query returns and around second query with new column and how it is correlated with first results to be displayed in the same table. Also any reason for using <html><panel> with <table>, instead of Splunk's <table> visualization?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma

niketn
Legend

@morethanyell... It was this same constraint for which I had provided you the options in your previous question

You can use appendcol to add column from results of a subsearch to the existing columns of the main search and then display the results using Splunk's table visualization.

In the context of this question you would need to use Splunk JS stack to iterate through the search result to set a particular token: Refer to one of my older answers: https://answers.splunk.com/answers/618930/how-can-i-get-the-table-cell-colorization-renderin-1.html

This is a basic example of using SplunkJS stack to access search results where you can create a loop to iterate through result rows: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEU6

PS: Before you try to dive into SplunkJS do check out whether appendcols solves your need or not. For us to assist you better you should provide more details on what first query returns and around second query with new column and how it is correlated with first results to be displayed in the same table. Also any reason for using <html><panel> with <table>, instead of Splunk's <table> visualization?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

morethanyell
Builder

thanks @niketnilay please convert your comment to answer

0 Karma

niketn
Legend

@morethanyell, I have converted to answer. In case you go the Splunk JS route, do let us know if you need further help 🙂

I do strongly feel appendcols seems a good fit for your use case!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...