Dashboards & Visualizations

Adding a drop-down list in the form

nataliat
Explorer

Hi, I am wondering how to add a drop-down list in a dashboard/form.

The situation is the following: I have a bunch of queries that I would like to run against a specific customer. Let's say that I have: {Customer1, Customer2, Customer3,...Customer n} and the queries:
- Query 1: ... | search customerName="Customer1";
- Query 2: ... | search customerName="Customer1";
- ....
- Query m: ... | search customerName="Customer1";

I would like these queries to run against the CustomerX selected from the drop-down list {Customer1, Customer2, Customer3,...Customer n}

Is possible to get this done using Splunk? Any help will be more than welcome.

I'm using Splunk 6.0

Many thanks.

Tags (1)
0 Karma

nataliat
Explorer

I managed to get a solution for my own question 🙂

The code that is required is the following using Simple XML:


<form>
<fieldset>
<input type="dropdown" token="customer">
<default>Alaska </default>
<label>Select a Customer name: </label>
<populatingSearch fieldForValue="customerName" fieldForLabel="customerName">
<![CDATA[eventtype=xxx | stats count by customerName]]>
</populatingSearch>
</input>
</fieldset>
<row>
<table>
<title>Function Usage </title>
<searchString>eventtype=xxx| search customerName="$customer$" | yyy </searchString>
<option name="wrap">true </option>
<option name="rowNumbers">false </option>
<option name="dataOverlayMode">none </option>
<option name="drilldown">row </option>
<option name="count">10 </option>
</table>
</row>
</form>

Notes:

  1. fieldForValue and fieldforLabel match with the field extracted from the populating search, in this case customerName,
  2. The searchString is using $customer$ as value for customerName as customer is the variable name used for token in the dropdown.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...