How do I format a Dashboard to show results of sep...

mac81 · ‎10-02-2018

How can I format a dashboard to show results of separate Searches "Rolled Up" (for ease of use)?

That is, instead of a list or a table, which takes up A LOT of vertical space, how can I show, for each separate Search, just a line that gives the Search name and then maybe how many results there are for that Search, and then the same for the next Search.

And then maybe the Search name would be clickable so as to expand the Search results?

Thanks.
Mac

whrg · ‎12-05-2018

How about using a single value panel showing the total number of results as well as a drilldown to the actual search?

Like this:

<dashboard>
  <label>Dashboard with Drilldowns</label>
  <row>
    <panel>
      <single>
        <title>index=_* sourcetype=splunkd</title>
        <search>
          <query>index=_* sourcetype=splunkd | stats count</query>
          <earliest>-60m@m</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">all</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>

To add a drilldown to a single value panel in the UI editor, click on the three dots (More actions) next to the single value, then on Edit Drilldown and then Link to search.

How do I format a Dashboard to show results of separate Searches "Rolled Up" (for ease of use)?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!