How to Fill two different queries for a radio butt...

pench2k19 · ‎03-13-2020

Hi Ninjas,

I have a radio button with two values as STARTING job and RUNNING jobs.

I have different query for each value. I would like to the corresponding value search should get filled it when user select the Status.

Following are the queries:

Starting Jobs Query:
ndex=infra_apps sourcetype=XXXX EventCode=40245 Status=Running AppID=$appid$ Machine=$host$ Job=$job$
| dedup _raw
| lookup datalakenodeslist.csv host as Machine OUTPUT cluster
| search cluster=$clustername$
| timechart count span=2m

Running Jobs Query:
index=infra_apps sourcetype=ca:atsys:edemon:txt EventCode=40245 AND (Status=STARTING OR Status=Running) AppID=$appid$ Machine=$host$ Job=$job$
| dedup _raw
| lookup datalakenodeslist.csv host as Machine OUTPUT cluster
| search cluster=$clustername$
| eval starting=if(Status="STARTING","1","0"),status=if(Status="STARTING","start","stop"), time=_time+status
| bin span=2m _time
| stats max(starting) as starting, earliest(time) as first, latest(time) as last by Job,_time
| xyseries _time Job starting first last
| makecontinuous span=2m _time
| streamstats window=2 global=f earliest(last*) as last*
| reverse
| streamstats window=2 global=f earliest(first*) as first*
| reverse
| foreach starting*
[ eval <>=if(isnull('<>') AND like('first<>',"%start"),"0",if(isnull('<>') AND like('first<>',"%stop"),"1",if(isnull('<>') AND like('last<>',"%start"),"1",if(isnull('<>') AND like('last<>',"%stop"),"0",'<>'))))]
| fields - first*, last*
| filldown *
| reverse
| filldown *
| reverse
| addtotals fieldname=Starting
| fields _time,Starting

PS: the token i am using is Status and the token value is jobstatus

Can you please help @vnravikumar @woodcock @sideview

woodcock · ‎03-13-2020

I do not see a question here. What.pronlem are you having?

vnravikumar · ‎03-13-2020

Hi

Check this, use status token in your query

<form>
  <label>radio</label>
  <fieldset submitButton="false">
    <input type="radio" token="status">
      <label>Job Status</label>
      <choice value="Running">Running</choice>
      <choice value="STARTING">STARTING</choice>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>

        <search>
          <query>index=infra_apps sourcetype=XXXX EventCode=40245 Status=$status$ AppID=$appid$ Machine=$host$ Job=$job$
| dedup _raw
| lookup datalakenodeslist.csv host as Machine OUTPUT cluster
| search cluster=$clustername$
| timechart count span=2m
</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

pench2k19 · ‎03-13-2020

@vnravikumar thanks for the reply.....Its showinf search is waiting for input.
the following is the piece of code i have incorporated in the xml code.

  <label>Select Job status</label>
  <choice value="STARTING">Starting</choice>
  <choice value="RUNNING">Running</choice>
  <default>RUNNING</default>
</input>


 <panel>
   <table>
     <search>
       <query>index=infra_apps sourcetype=ca:atsys:edemon:txt EventCode=40245 Status=$status$ AppID=$appid$ Machine=$host$ Job=$job$

| dedup _raw
| lookup datalakenodeslist.csv host as Machine OUTPUT cluster
| search cluster=$clustername$
| timechart count span=2m

       <earliest>-24h@h</earliest>
       <latest>now</latest>
     </search>
     <option name="drilldown">none</option>
   </table>
 </panel>

vnravikumar · ‎03-13-2020

Have you passed remaining tokens AppID=$appid$ Machine=$host$ Job=$job$ along with status?. I didn't have those token in my above example. Please pass those tokens and try..

pench2k19 · ‎03-13-2020

yes i did, the following is the full XML code for your reference.

Autosys Cluster Autosys Jobs Running and started
This DashBoard gives the list of autosys jobs running or started in each 1CDH cluster at times.

<unset token="earliest"></unset>
<unset token="latest"></unset>


<input type="time" token="field1">
  <label>Select Time range</label>
  <default>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </default>
</input>
<input type="dropdown" token="appid">
  <label>Select the APPID</label>
  <choice value="*">All</choice>
  <fieldForLabel>AppID</fieldForLabel>
  <fieldForValue>AppID</fieldForValue>
  <search>
    <query>|inputlookup appidvscluster.csv |dedup AppID |table AppID</query>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </search>
</input>
<input type="dropdown" token="clustername">
  <label>Select the Cluster</label>
  <fieldForLabel>Cluster</fieldForLabel>
  <fieldForValue>Cluster</fieldForValue>
  <search>
    <query>|inputlookup appidvscluster.csv  where AppID ="$appid$" |dedup Cluster

|table Cluster
-24h@h
now

All

Select Host
All

host
host

|inputlookup "datalakenodeslist.csv" where cluster=$clustername$
| dedup "host"
| table host
-24h@h
now

Select Job
<choice value="">All
*
Job
Job

|inputlookup alljobs.csv
|rex mode=sed field=host "y/\w{5}\d{2}v\d{4}/\w{5}\d{2}a\d{4}/"
| lookup datalakenodeslist.csv host OUTPUT cluster
| search cluster="$clustername$" AND host="$host$"
| dedup Job
| table Job
-24h@h
now

Select Job status
Starting
Running
RUNNING

 <panel>
   <table>
     <search>
       <query>index=infra_apps sourcetype=ca:atsys:edemon:txt EventCode=40245 Status=$status$ AppID=$appid$ Machine=$host$ Job=$job$

| dedup _raw
| lookup datalakenodeslist.csv host as Machine OUTPUT cluster
| search cluster=$clustername$
| timechart count span=2m

       <earliest>-24h@h</earliest>
       <latest>now</latest>
     </search>
     <option name="drilldown">none</option>
   </table>
 </panel>


<panel>
  <title>$jobstatus$ Jobs Trend</title>
  <chart>
    <search id="CDH_Cluster_jobs_trend">
      <query>index=infra_apps sourcetype=ca:atsys:edemon:txt EventCode=40245 AND (Status=Failure OR Status=Terminated OR Status=Running OR Status=Success) AppID=$appid$ Machine=$host$ Job=$job$

| dedup _raw
| lookup datalakenodeslist.csv host as Machine OUTPUT cluster
| search cluster=$clustername$
| eval running=if(Status="RUNNING","1","0"),status=if(Status="RUNNING","start","stop"), time=_time+status
| bin span=2m _time
| stats max(running) as running, earliest(time) as first, latest(time) as last by Job,_time
| xyseries _time Job running first last
| makecontinuous span=2m _time
| streamstats window=2 global=f earliest(last*) as last*
| reverse
| streamstats window=2 global=f earliest(first*) as first*
| reverse
| foreach running*
[ eval <<FIELD>>=if(isnull('<<FIELD>>') AND like('first<<MATCHSTR>>',"%start"),"0",if(isnull('<<FIELD>>') AND like('first<<MATCHSTR>>',"%stop"),"1",if(isnull('<<FIELD>>') AND like('last<<MATCHSTR>>',"%start"),"1",if(isnull('<<FIELD>>') AND like('last<<MATCHSTR>>',"%stop"),"0",'<<FIELD>>'))))]
| fields - first*, last*
| filldown *
| reverse
| filldown *
| reverse
| addtotals fieldname=Running
| fields _time,Running
$field1.earliest$
$field1.latest$

line
all
progressbar

$click.value2$
$click.value$
($click.value$ + 300)
strftime($earliest$, "%m/%d/%Y %I:%M:%S %p")
strftime($latest$, "%m/%d/%Y %I:%M:%S %p")

<panel depends="$jobcount$">
  <title>List of Jobs from $earliest1$ to $latest1$</title>
  <table>
    <search id="CDH_Cluster_jobs_table">
      <query>index=infra_apps sourcetype=ca:atsys:edemon:txt

How to Fill two different queries for a radio button with two values

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor