Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

In my dashboard, can four tables be joined into one?

samwatson45
Path Finder
‎06-26-2018 03:14 AM

Hi,

I have a dashboard which in which one of the panels features a table, currently made out of 4 separate searches (technically 4 tables just next to each other), like so:

alt text

The searches for each one look like this:

base search... | stats   latest(AvailabilityFlex)  AS Availability latest(RollOutFlex) AS RollOut  latest(LeadershipFlex) AS Leadership

Where for the other metrics the stats command looks for other metrics, i.e 

base search ... | stats  latest(AvailabilitySub)  AS Availability  latest(RollOutSub) AS RollOut  latest(LeadershipSub) AS Leadership

Is there an easy way of combining these searches all into one table, with the same structure as it currently has? A table with 4 columns and 4 rows, the first column one being the 'metric' and the name of that for each row?

Thanks,
Sam

EDIT: The reason for this is because when you generate the PDF it really stretches out the table, making it look much less professional. If anyone knows how to keep panels all grouped together when doing this, that would also work!

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

harishalipaka
Motivator
‎06-26-2018 03:37 AM 
 base search... | stats   latest(AvailabilityFlex)  AS Availability latest(RollOutFlex) AS RollOut  latest(LeadershipFlex) AS Leadership |eval a="query1"|append [ base search... | stats   latest(AvailabilityFlex)  AS Availability latest(RollOutFlex) AS RollOut  latest(LeadershipFlex) AS Leadership |eval a="query2"] |append [ base search... | stats   latest(AvailabilityFlex)  AS Availability latest(RollOutFlex) AS RollOut  latest(LeadershipFlex) AS Leadership |eval a="query3"]

details about append

differance between append and appendcols

Thanks
Harish

View solution in original post

Reply
Solved! Jump to solution
Solution

harishalipaka
Motivator
‎06-26-2018 03:37 AM 
 base search... | stats   latest(AvailabilityFlex)  AS Availability latest(RollOutFlex) AS RollOut  latest(LeadershipFlex) AS Leadership |eval a="query1"|append [ base search... | stats   latest(AvailabilityFlex)  AS Availability latest(RollOutFlex) AS RollOut  latest(LeadershipFlex) AS Leadership |eval a="query2"] |append [ base search... | stats   latest(AvailabilityFlex)  AS Availability latest(RollOutFlex) AS RollOut  latest(LeadershipFlex) AS Leadership |eval a="query3"]

details about append

differance between append and appendcols

Thanks
Harish
Reply
Solved! Jump to solution

samwatson45
Path Finder
‎06-26-2018 03:44 AM

Thanks! This works great.
Do you know how to get the additional column (a=query1, etc) to be at the left of the table rather than the right?

0 Karma
Reply
Solved! Jump to solution

Sukisen1981
Champion
‎06-26-2018 07:13 AM

what happens if you just pipe after the query above , something like base search... | stats latest(AvailabilityFlex) AS Availability latest(RollOutFlex) AS RollOut latest(LeadershipFlex) AS Leadership |eval a="query1"|append [ base search... | stats latest(AvailabilityFlex) AS Availability latest(RollOutFlex) AS RollOut latest(LeadershipFlex) AS Leadership |eval a="query2"] |append [ base search... | stats latest(AvailabilityFlex) AS Availability latest(RollOutFlex) AS RollOut latest(LeadershipFlex) AS Leadership |eval a="query3"]| fields a,Availability,RollOut,Leadership

Basically just provide the fields in the respective order that you need with the |fields command?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...