Splunk Search

Manual Input Form

gabarrygowin
Path Finder

Hi all,

Well, a long night and day of reading about every post on forms and manual input, to no avail.

I'm looking for a way to have my ops team input their daily checks from a Splunk dashboard (vice uploading the form daily from Sharepoint).

Here's my code, but the submit button just doesn't do anything to get selected data into the indexes.

"





<![CDATA[ | inputlookup splunkcheckadmins.csv | fields "AdministratorName" | dedup "AdministratorName" ]]>





<![CDATA[ | inputlookup checkperformed.csv | fields "CheckPerformed" | dedup "CheckPerformed" ]]>




Checktype="
"
Daily
Daily
Weekly
Monthly



Check="
"
Complete, No Issues noted
Complete, No Issues noted
Complete, Issue Identified
Not Completed




Chart of Daily Checks

index=* "Splunk" AND ("Completed" OR "Not Completed") | timechart count
-24h@h
now

column


Table of Events for user="$username$" and $source$

index=_internal user=$username$ $source$ | table _time, user, sourcetype, _raw
-24h@h
now

true
true
none
row
5


"

Thoughts?

Thanks for reading!

0 Karma

gabarrygowin
Path Finder

Update:

Got things mostly working, just need help setting current user into a text field (vice current dropbox).

"***

S&I System Checks

<input type="dropdown" token="Administrator">

  <label>Administrator Performing Check:</label>

  <search>

    <query>| inputlookup splunkcheckadmins.csv | fields "Administrator" | dedup "Administrator"</query>

  </search>

  <fieldForLabel>Administrator</fieldForLabel>

  <fieldForValue>Administrator</fieldForValue>

  <prefix>Administrator="</prefix>

  <suffix>"</suffix>

</input>

<input type="dropdown" token="CheckPerformed">

  <label>System or Item Checked:</label>

  <search>

    <query>| inputlookup checkperformed.csv | fields "CheckPerformed" | dedup "CheckPerformed"</query>

  </search>

  <fieldForLabel>CheckPerformed</fieldForLabel>

  <fieldForValue>CheckPerformed</fieldForValue>

  <prefix>CheckPerformed="</prefix>

  <suffix>"</suffix>

</input>

<input type="radio" token="CheckType">

  <label>Select Checktype:</label>

  <default>Daily</default>

  <choice value="Daily">Daily</choice>

  <choice value="Weekly">Weekly</choice>

  <choice value="Monthly">Monthly</choice>

  <prefix>CheckType="</prefix>

  <suffix>"</suffix>

</input>

<input type="radio" token="CheckStatus">

  <label>Check Status:</label>

  <default>Complete, No Issues noted</default>

  <choice value="Complete, No Issues noted">Complete, No Issues noted</choice>

  <choice value="Complete, Issue Identified and being worked">Complete, Issue Identified</choice>

  <choice value="Not Completed">Not Completed</choice>

  <prefix>CheckStatus="</prefix>

  <suffix>"</suffix>

</input>





<panel>

  <table>

    <search>

      <query>|makeresults |eval _time=now() | eval $Administrator$ |eval $CheckPerformed$  | eval $CheckType$ | eval $CheckStatus$ | table _time, Administrator, CheckPerformed, CheckType, CheckStatus | outputlookup append=true GenAtomicsCheck.csv</query>

      <earliest>$earliest$</earliest>

      <latest>$latest$</latest>

    </search>

    <option name="count">10</option>

    <option name="refresh.display">progressbar</option>

  </table>

</panel>





<panel>

  <table>

    <search>

      <query>| inputlookup GenAtomicsCheck.csv | stats count by _time, Administrator, CheckPerformed, CheckStatus, CheckType | sort - _time | fields - count</query>

      <earliest>@d</earliest>

      <latest>now</latest>

      <refresh>1m</refresh>

      <refreshType>delay</refreshType>

    </search>

    <option name="count">20</option>

    <option name="refresh.display">none</option>

  </table>

</panel>

<panel>

  <single>

    <search>

      <query>| inputlookup GenAtomicsCheck.csv | chart count as CheckPerformed</query>

      <earliest>@d</earliest>

      <latest>now</latest>

      <refresh>1m</refresh>

      <refreshType>delay</refreshType>

    </search>

    <option name="colorMode">block</option>

    <option name="rangeColors">["0xd93f3c","0xf7bc38","0x65a637"]</option>

    <option name="rangeValues">[2,19]</option>

    <option name="refresh.display">none</option>

    <option name="useColors">1</option>

    <option name="useThousandSeparators">1</option>

  </single>

</panel>

***"

0 Karma

tiagofbmm
Influencer

Please let me know if the answer was useful for you. If it was, accept it and upvote. If not, give us more input so we can help you with that.

0 Karma

gabarrygowin
Path Finder

Hi!

Thanks for the response, had to step away from this for a day.

How's this? Yes, trying to provide a simple form that people use to select a couple items and submit the selected data to Splunk. Not really concerned which index.

S&I System Checks

<input type="dropdown" token="AdministratorName">

  <label>Administrator Performing Check:</label>

  <search>

    <query>| inputlookup splunkcheckadmins.csv | fields "AdministratorName" | dedup "AdministratorName"</query>
  </search>

  <fieldForLabel>AdministratorName</fieldForLabel>

  <fieldForValue>AdministratorName</fieldForValue>

</input>

<input type="dropdown" token="CheckPerformed">

  <label>System or Item Checked:</label>

  <search>

    <query>| inputlookup checkperformed.csv | fields "CheckPerformed" | dedup "CheckPerformed"</query>

  </search>

  <fieldForLabel>CheckPerformed</fieldForLabel>

  <fieldForValue>CheckPerformed</fieldForValue>

</input>

<input type="radio">

  <label>Select Checktype:</label>

  <prefix>Checktype="</prefix>

  <suffix>"</suffix>

  <default>Daily</default>

  <choice value="Daily">Daily</choice>

  <choice value="Weekly">Weekly</choice>

  <choice value="Monthly">Monthly</choice>

</input>

<input type="radio">

  <label>Check Status:</label>

  <prefix>Check="</prefix>

  <suffix>"</suffix>

  <default>Complete, No Issues noted</default>

  <choice value="Complete, No Issues noted">Complete, No Issues noted</choice>

  <choice value="Complete, Issue Identified and being worked">Complete, Issue Identified</choice>

  <choice value="Not Completed">Not Completed</choice>

</input>
0 Karma

tiagofbmm
Influencer

Hi

Help me understand. Do you want to create a dashboard that has a table where people fill some things in it and then collect that data into a specific index?

Could you clean up the way you show your code so it is understandable what is going on where?

0 Karma