Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to retrieve data from query string from URL in splunk cloud ?

shukan
Explorer
‎09-27-2017 02:25 AM

I want to fetch data from base url of splunk cloud. I want to redirect from one dashboard to another. For that , I have pass data in query string. So how can i get query string data into that ?
For ex : www.splunk.com?q=TEST
I require to pass TEST as a data in my search query.

Thanks in advance.

Tags (1)
Reply

niketn
Legend
‎09-28-2017 09:00 AM

@shukan, while I understand you want to create a token in source dashboard and pass on the same to be used in destination dashboard. Actual answer depends on how and where you are setting the token (Simple XML Dashboard Snippet if possible) and then how and where are you going to use the token (whether form level input token or not).

Following is a run anywhere example where I am setting two tokens for destination dashboard i.e. a form input token (form.tokLogLevel) and a token (tokTemp) to be used within destination dashboard.

Source Dashboard

<dashboard>
  <label>Source Dashboard</label>
  <row>
    <panel>
      <table>
        <search>
          <query>|makeresults
            | eval log_level=&quot;*&quot;
            | table log_level
            | append [search 
              index=_internal sourcetype=splunkd log_level=*
              | dedup log_level
              | table log_level]
          </query>
          <earliest>-24h</earliest>
          <latest>now</latest>
        </search>
        <drilldown>
          <set token="tokTemp">Test Token</set>
          <link target="_blank">/app/search/splunk_answers_579408__destination_dashboard?form.tokLogLevel=$row.log_level$&amp;tokTemp=$tokTemp$</link>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>

Destination Dashboard

<form>
  <label>Destination Dashboard</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="tokLogLevel">
      <label>field1</label>
      <choice value="*">All</choice>
      <fieldForLabel>log_level</fieldForLabel>
      <fieldForValue>log_level</fieldForValue>
      <search>
        <query>index=_internal sourcetype=splunkd log_level=*
| dedup log_level
| table log_level</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Top count by log_level($tokLogLevel$) ($tokTemp$)</title>
      <table>
        <search>
          <query>
            index=_internal sourcetype=splunkd log_level=$tokLogLevel$
            | stats count by log_level
            | sort - count
            | head 5
          </query>
        </search>
      </table>
    </panel>
  </row>
</form>

Please try out the example and see if it fits your need. If not try to provide more details of tokens between your source and destination dashboards.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply

shukan
Explorer
‎09-28-2017 01:28 AM

I downvoted this post because i am asking after redirect to another page i require to use that token value , where i have redirected in search parameter.

original where i have used drilldown option and write in link tag with below value
www.splunk.com?q=test

after redirecting on www.splunk.com?q=test i am writing another splunk cloud query like sourcetype= index functionname = test which i require to fetch from querystring

0 Karma
Reply

niketn
Legend
‎09-28-2017 08:50 AM

@shukan, please use down voting option only in case the answer proves to be misleading or impacting your Splunk instance. Please understand that community members try to assist you with minimal information and without access to the actual system. If the references for various drilldown options as provided by DalJeanis, do not cater to your needs just providing the further details they way you have so that we can assist you further.

Refer to community guidelines : http://docs.splunk.com/Documentation/Splunkbase/splunkbase/Answers/Splunkcommunityguidelines

and refer to following Splunk Answers thread for discussion on proper etiquettes: https://answers.splunk.lom/answers/244111/proper-etiquette-and-timing-for-voting-here-on-ans.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

DalJeanis
Legend
‎09-27-2017 08:01 AM

Can you give more information on your use case?

What information are you trying to pass from one "dashboard" to another?

What is the reason that you are not just using the same underlying search as the other dashboard?

Or, are you talking about a drilldown scenario?

0 Karma
Reply

Sukisen1981
Champion
‎09-27-2017 09:29 AM

@DalJeanis is correct.
Maybe what you need is a drill down to drill down to a hidden panel depending on token selection, have you considered that approach?

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...