Dashboards & Visualizations

Multiple filter option in dashboard tables

rajim
Path Finder

I'm very new to Splunk world. Right now I'm facing the below problem regarding the dashboard table. It would be a great help if anyone could provide me a solution.

Problem: I have a simple dashboard table having more than 50 columns. I also have 4 input fields in the table which serve the function of filters for the table.
Q1: Now I want to add a facility in the dashboard that will provide this filter functionality for any field of the table. As there are more than 50 columns, so it's not possible to add separate input fields(drop down) for each column. So is there any functionality in Splunk that will provide me the list of column names in a drop down and another drop down will provide me the values for the corresponding filed, when I choose the field in the 1st drop down?

Q2: Can I add multiple filters dynamically like excel? For example, I want to view data based on the filters of 3 fields. So there would be 3 filters. If I want 4 then there will be facility to add another filter.... like that.

Actually I want a functionality similar to excel filter on columns. Please find attach the image of excel sort functionality of adding multiple level which show the list of fields present in the table and simultaneously provide the capability of adding multiple levels.alt text

Tags (1)

niketn
Legend

@rajim,
If your intent is to be able to form and edit data in the table (including sort/filter), you can possibly explore Splunk Table Dataset Add On which was introduced in Splunk 6.5.

Following is the link to Data Set Add On, its short video and Splunk Documentation:
https://splunkbase.splunk.com/app/3245/
https://www.splunk.com/en_us/resources/video.0xZDllOTE6YOrjNqzirBCguPGhScXAmC.html
http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Tabledatasetsintro

If you want to create Filter and Sorting capability for various fields displayed in your table, you would need to code the same in Simple XML. I will try to provide that if Table Dataset is not what you are looking for (unless someone else beats me to it ;))

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

nagar57
Communicator

@niketn I am also looking for the same functionality in simple XML. Did you try this solution in simple XML? Table dataset is not helping here.

0 Karma

rajim
Path Finder

Thanks @niketnilay
really a good add on.
But is it possible to implement my requirement thru' xml code?

0 Karma

gcusello
SplunkTrust
SplunkTrust

HI rajim,
I hope to have understood your first question: do you want to adapt your output using filters? in other words display or not one or more columns depending od filter value?
if this is your need you have to insert in your fieldset something like this

<input type="checkbox" token="fieldtoshow">
  <label>Fields to display</label>
  <choice value="_time">Date and Time</choice>
  <choice value="host">Host</choice>
  <choice value="source">Source</choice>
  <choice value="_raw">Log Event</choice>
  <default>_time,host,source,_raw</default>
  <initialValue>_time,host,source,_raw</initialValue>
  <delimiter> </delimiter>
</input>

and in your search

| table $fieldtoshow$

About the second question, insert in your form all the filters you need putting a default value for all, so as excel if you insert a value in one filter the filter is active, otherwise your search takes all events.

Bye.
Giuseppe

0 Karma

rajim
Path Finder

I downvoted this post because this doesn't answer my questions.

0 Karma

niketn
Legend

@rajim, kindly do not downvote unless the answer provided leads to some detrimental effects in your Splunk System.

I see that you have provided further details. I am sure @cusello will try to assist you further with your concerns. You should appreciate the fact that without having access to your system and complete details of your use case/issue, someone is trying to assist you with your question. Rest assured that avid Splunkers like @cusello will be able to resolve the issue that you are facing. 🙂

Kindly refer to following thread before downvoting: https://answers.splunk.com/answers/244111/proper-etiquette-and-timing-for-voting-here-on-ans.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

rajim
Path Finder

@niketnilay thank you for your feedback ... I really appreciate @cusello ... I downvoted this reply because it doesn't answer my questions, so that anyone in future doesn't get confused by this answer ... I have done this in the similar way of stackoverflow.com ... I didn't want to demotivate him ... anyway in future, I'll vote according to the above link 🙂

0 Karma

rajim
Path Finder

No, I'm not talking about choosing the columns. Rather, I want all columns to be displayed in the table. I just want the table rows to displayed based on some values of a particular column as it happens in excel. For example, among 50 fields, I have two columns as "policy type" and "priority". So I want those rows of the table that have values "blocking" for "policy type" field and priority 1.
Like this, I want to choose any field and view the data of the table based on the values of that field.
In short, I want the functionality of excel which provide the filter capability on any column.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...