I have an event created which is returning JSON data after search:
eventtype="my_new"
Data returned after this search:
data: {"Id":2001373223232214,"SerialNumber":6773737,"Unique":"200000","messageType":"READY","activeStartTime":"2018-08-29T09:30:00.000-0500","activeEndTime":"2018-08-30T11:00:00.000-0500","additional":["fitness","pool","public"],}
Now I want to give the user a feature on the dashboard to search the whole message by passing the Unique number in a search box. I have no clue how we can do this in Splunk. Please help me with this.
@gauravepi,
Are you looking for something similar?
<form>
  <fieldset submitButton="false" autoRun="false">
    <input type="text" token="tok_unique">
      <label>Unique</label>
      <default>*</default>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!--Dummy Data Creation-->
          <!--The |s token filter wraps the typed value in quotes and escapes any quotes inside it-->
          <query>|makeresults|eval json="{\"data\":
{
\"Id\":2001373223232214,
\"SerialNumber\":6773737,
\"Unique\":\"200000\",
\"messageType\":\"READY\",
\"activeStartTime\":\"2018-08-29T09:30:00.000-0500\",
\"activeEndTime\":\"2018-08-30T11:00:00.000-0500\",
\"additional\":[\"fitness\",\"pool\",\"public\"]
}
}"|append [|makeresults|eval json="{\"data\":
{
\"Id\":2001373223232314,
\"SerialNumber\":6773737,
\"Unique\":\"300000\",
\"messageType\":\"READY\",
\"activeStartTime\":\"2018-08-29T09:30:00.000-0500\",
\"activeEndTime\":\"2018-08-30T11:00:00.000-0500\",
\"additional\":[\"fitness\",\"pool\",\"public\"]
}
}"]
|spath input=json output=unique path=data.Unique|search unique=$tok_unique|s$ |fields json</query>
          <earliest>-1m</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>
Yes, I was looking for this. How can we do this from the UI panel? Do you have information regarding that?
I did the above using the UI panel, or what exactly do you mean?