All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I place a search bar above a sankey chart?

hylam
Contributor
‎11-26-2015 11:02 PM

It should work like a search app with sankey chart visualization. The running search should cause the sankey chart and stats table to update. Don't forget the time picker.

EDIT1
wide text box + submit button + separate time picker should work, too.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎11-29-2015 06:58 PM

Hi hylam,

take this run everywhere dashboard to see how it can be done:

<form script="autodiscover.js">
  <label>my_foo_selector Clone</label>
  <fieldset submitButton="ture">
    <input type="time" token="time">
      <label>Select time range:</label>
      <default>
        <earliest>@d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="text" token="text">
      <label>Enter text to search:</label>
      <default>*</default>
    </input>
  </fieldset>
  <search id="viz_search">
    <query>
      <![CDATA[
                    index=_internal $text$ earliest="$time.earliest$" latest="$time.latest$" sourcetype=splunk_web_access NOT uri_path=*/static/* uri_path=*/app/* OR uri_path=*/manager/* 
                    | rex field=referer "https?://.+?/.+?(?<referer_path>/[^\\?]+)" 
                    | rex field=uri_path "/.+?(?<path>/.+)" 
                    | rename referer_path as from path as to 
                    | stats count by from to | sort -count | head 50
                ]]>
    </query>
  </search>
  <row>
    <panel>
      <html>
       <h2>Sankey</h2>
       <div id="sankey" class="splunk-view" data-require="app/simple_xml_examples/components/sankey/sankey" data-options="{                             &quot;managerid&quot;: &quot;viz_search&quot;,                             &quot;height&quot;: 400                          }">
                </div>
      </html>
    </panel>
  </row>
</form>

You must have the Simple XML dashboard example App installed https://splunkbase.splunk.com/app/1603/

Hope this helps to get you started and change / modify / add any additional charts as needed 😉

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
Legend
‎11-29-2015 06:58 PM

Hi hylam,

take this run everywhere dashboard to see how it can be done:

<form script="autodiscover.js">
  <label>my_foo_selector Clone</label>
  <fieldset submitButton="ture">
    <input type="time" token="time">
      <label>Select time range:</label>
      <default>
        <earliest>@d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="text" token="text">
      <label>Enter text to search:</label>
      <default>*</default>
    </input>
  </fieldset>
  <search id="viz_search">
    <query>
      <![CDATA[
                    index=_internal $text$ earliest="$time.earliest$" latest="$time.latest$" sourcetype=splunk_web_access NOT uri_path=*/static/* uri_path=*/app/* OR uri_path=*/manager/* 
                    | rex field=referer "https?://.+?/.+?(?<referer_path>/[^\\?]+)" 
                    | rex field=uri_path "/.+?(?<path>/.+)" 
                    | rename referer_path as from path as to 
                    | stats count by from to | sort -count | head 50
                ]]>
    </query>
  </search>
  <row>
    <panel>
      <html>
       <h2>Sankey</h2>
       <div id="sankey" class="splunk-view" data-require="app/simple_xml_examples/components/sankey/sankey" data-options="{                             &quot;managerid&quot;: &quot;viz_search&quot;,                             &quot;height&quot;: 400                          }">
                </div>
      </html>
    </panel>
  </row>
</form>

You must have the Simple XML dashboard example App installed https://splunkbase.splunk.com/app/1603/

Hope this helps to get you started and change / modify / add any additional charts as needed 😉

cheers, MuS

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...