All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SideViewUtils : How to Open in Search

koshyk
Super Champion
‎07-01-2014 07:19 AM

In Splunk6 default simple xml dashboards, there is an option to Open Dashboard as a search. This is particularly useful for debugging purposes. ("Open in Search" option)

Is there a similar option with Sideview Utils dashboards/charts?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-01-2014 01:33 PM

1) The easiest way is to paste this into the view: 

<module name="Link">
  <param name="label">Open in Search</param>
  <module name="Redirector">
    <param name="url">search</param>
    <param name="arg.q">search $search$</param>
    <param name="arg.earliest">$search.timeRange.earliest$</param>
    <param name="arg.latest">$search.timeRange.latest$</param>
    <param name="target">_blank</param>
  </module>
</module>

It's kind of a lot of lines for such a simple link, but everything's at least fairly open about what it's doing.

In general whenever you use Redirector, you take the URL you want to end up with, and you break up all the querystring arguments (ie the ?q=search foo&username=mildred part) and you file all those away into the Redirector's arg.* params. The actual url param itself can be a full URL like http://google.com, but when you're just linking from view A to view B in the same app, you can just specify the view name and it becomes a relative link and the browser will know what to do.

and you can use the popup and target params and they'll do what you expect. Also for very advanced cases around when you have set popup to true, you can also use the windowFeatures param to customize the popup window size and scrollbars etc...

2) The old way to do it with Sideview Utils, before the Link module was to use the HTML module, but in many cases you had to use a ValueSetter module to manually url-encode the arguments and this was very tedious. The Link module was created to make this easier.

3) the old Splunk module ViewRedirectorLink still works, but you may find it limited. Link and Redirector will repay the time invested in them because you'll find them both useful in other use cases down the road.

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-01-2014 01:33 PM

1) The easiest way is to paste this into the view: 

<module name="Link">
  <param name="label">Open in Search</param>
  <module name="Redirector">
    <param name="url">search</param>
    <param name="arg.q">search $search$</param>
    <param name="arg.earliest">$search.timeRange.earliest$</param>
    <param name="arg.latest">$search.timeRange.latest$</param>
    <param name="target">_blank</param>
  </module>
</module>

It's kind of a lot of lines for such a simple link, but everything's at least fairly open about what it's doing.

In general whenever you use Redirector, you take the URL you want to end up with, and you break up all the querystring arguments (ie the ?q=search foo&username=mildred part) and you file all those away into the Redirector's arg.* params. The actual url param itself can be a full URL like http://google.com, but when you're just linking from view A to view B in the same app, you can just specify the view name and it becomes a relative link and the browser will know what to do.

and you can use the popup and target params and they'll do what you expect. Also for very advanced cases around when you have set popup to true, you can also use the windowFeatures param to customize the popup window size and scrollbars etc...

2) The old way to do it with Sideview Utils, before the Link module was to use the HTML module, but in many cases you had to use a ValueSetter module to manually url-encode the arguments and this was very tedious. The Link module was created to make this easier.

3) the old Splunk module ViewRedirectorLink still works, but you may find it limited. Link and Redirector will repay the time invested in them because you'll find them both useful in other use cases down the road.

Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎08-04-2014 03:57 PM

I am? woohoo!

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎08-01-2014 03:48 AM

great. you are a hero

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎07-30-2014 03:04 PM

Sure although there's no absolutely bulletproof way.

Assuming your postprocess searches dont have a leading pipe char (unfortunately splunk accepts them both with and without), then replace

<param name="arg.q">search $search$</param>
with

<param name="arg.q"> search $search$ | $postProcess$</param>

If your postprocess searches do have that leading pipe, then omit the pipe above. And now that I've called your attention to it you'll notice that this wont work well for searches that begin with generating commands like | metadata type=sourcetypes". =/

Reply
Solved! Jump to solution

koshyk
Super Champion
‎07-30-2014 02:47 AM

thanks for it. I'm not able to view the "postprocess" module searches as part of this. Any chance to display the postprocess bit as well?

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎07-01-2014 07:40 AM

There is a module calling "ViewRedirectorLink" in advanced xml, using which you can open the search populating the table/chart in the search screen. See example below.

<module name="Search" layoutPanel="panel_row2_col2" >
                <param name="search">
                 ....Your search....
                </param>                               
                <module name="Pager">
                  ....
                  <module name="Table">
                    ......
                  </module>
                  <module name="ViewRedirectorLink">
                    <param name="viewTarget">flashtimeline</param>
                    <param name="popup">True</param>
                  </module>
                </module>
              </module>

Another option using Sideview Util's HTML module is described here.
http://answers.splunk.com/answers/100227/postprocess-viewredirectorlink

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...