Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Adding a drop-down list in the form

nataliat
Explorer
‎05-12-2014 10:10 PM

Hi, I am wondering how to add a drop-down list in a dashboard/form.

The situation is the following: I have a bunch of queries that I would like to run against a specific customer. Let's say that I have: {Customer1, Customer2, Customer3,...Customer n} and the queries:
- Query 1: ... | search customerName="Customer1";
- Query 2: ... | search customerName="Customer1";
- ....
- Query m: ... | search customerName="Customer1";

I would like these queries to run against the CustomerX selected from the drop-down list {Customer1, Customer2, Customer3,...Customer n}

Is possible to get this done using Splunk? Any help will be more than welcome.

I'm using Splunk 6.0

Many thanks.

Tags (1)
0 Karma
Reply

nataliat
Explorer
‎05-13-2014 12:40 AM

I managed to get a solution for my own question 🙂

The code that is required is the following using Simple XML:



<form>

 <fieldset>

  <input type="dropdown" token="customer">

   <default>Alaska </default>

   <label>Select a Customer name: </label>

   <populatingSearch fieldForValue="customerName" fieldForLabel="customerName">

    <![CDATA[eventtype=xxx | stats count by customerName]]>

   </populatingSearch>

  </input>

 </fieldset>

 <row>

  <table>

   <title>Function Usage </title>

   <searchString>eventtype=xxx| search customerName="$customer$" | yyy </searchString>

   <option name="wrap">true </option>

   <option name="rowNumbers">false </option>

   <option name="dataOverlayMode">none </option>

   <option name="drilldown">row </option>

   <option name="count">10 </option>

  </table>

  </row>

</form>

Notes:

  1. fieldForValue and fieldforLabel match with the field extracted from the populating search, in this case customerName,
  2. The searchString is using $customer$ as value for customerName as customer is the variable name used for token in the dropdown.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...