- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Can we display search results in HTML tags using S...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can we display search results in HTML tags using Splunk version 6.x?
Hi All,
In Splunk older versions, there is a concept of distributing the Splunk search results in HTML modules, or HTML tags using the results token. i.e. results[0].fieldname etc.
In Splunk 6.x version do we have any examples of getting the same functionality?
My older sample code in Splunk 5.x version:
<module name="HiddenSearch" layoutPanel="panel_row1_col1_grp1" autoRun="True">
<param name="search">index=_internal | stats count </param>
<module name="HTML" layoutPanel="panel_row5_col1_grp1">
<param name="html">
<div> Search Results : $results.count$ </div>
</param>
</module>
</module>
Can we have something similar for Splunk 6.x version ??
thanks,
Rakesh,.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Following are some of common search tokens:
Job Metadata
$job.earliestTime$ - Initial time a search job starts
$job.latestTime$ - Latest time recorded for the search job
$job.resultCount$ - Number of results returned by the search job
$job.runDuration$ - Time, in seconds, that the search took to complete
$job.messages$ - List of error and debug messages generated by the search job
Search Results (first result only)
$result.[fieldName]$ - Results are referenced directly by their field name.
Refer to Search Result Setter example on the Splunk 6.x Dashboard Example App.
<search>
<query>index=_internal | top sourcetype</query>
<earliest>-60m</earliest>
<latest>now</latest>
<!-- Use the following search events to access job properties, and set tokens that can be accessible throughout the page -->
<!-- Progress event has access to job properties only (not first result row) -->
<progress>
<set token="sourcetype_count">$job.resultCount$</set>
</progress>
<cancelled>
<unset token="sourcetype_count"></unset>
</cancelled>
</search>
Also for using HTML Panels in Splunk Dashboard refer to Null Search Swapper example. Following is a snippet from the same
<html depends="$show_html$">
<p style="color:blue;margin-left:30px;font-size:14px">Search returned no results, so we've hidden the chart!</p>
</html>
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Niketnilay,
thanks for your reply. from the above code its show to refer to the first row of the results , how can we refer to the second row of the results ??
Search Results (first result only)
$result.[fieldName]$ - Results are referenced directly by their field name.
Is there any way to refer to the second row and so on...
many thanks,
Rakesh.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't think there is way through Simple XML. You can do it either through SDK or JavaScript Extensions.
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Niketnilay,
thanks for your reply. from the above code its show to refer to the first row of the results , how can we refer to the second row of the results ??
Search Results (first result only)
$result.[fieldName]$ - Results are referenced directly by their field name.
Is there any way to refer to the second row and so on...
many thanks,
Rakesh.
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
