Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can someone please help me to understand what is wrong with my code?

aasiaa
Path Finder
‎05-09-2023 08:30 AM

Hi, 

I am creating the dashboard, where for couple of panels I will use similar query so I saved shared bit as base query. However I have 2 different indexes (environments) so I also created input to choose appropriate index for the base search. However it looks like it picks up just prod, and not returning results for ppe.

Can someone please help me to understand what is wrong with my code?

 

 

	"dataSources": {
		"ds_baseSearch": {
			"type": "ds.search",
			"options": {
				"query": "index=\"$env$\" sourcetype=some_sourcetype risk=*\n| spath risk\n| rename risk AS risk\n| eval riskCategory = if(risk <= 1.0, \"low\", if(risk<= 2.0, \"moderate\", \"high\"))\n| stats count(eval(riskCategory==\"low\")) as low, count(eval(riskCategory==\"moderate\")) as moderate, count(eval(riskCategory==\"high\")) as high, count as total\n    ",
				"queryParameters": {
					"earliest": "$time.earliest$",
					"latest": "$time.latest$"
				},
				"enableSmartSources": true
			},
			"name": "base_search"
		},
		"ds_search_2": {
			"type": "ds.chain",
			"options": {
				"query": "| stats sum(total) as Total ",
				"extend": "ds_baseSearch"
			},
			"name": "_total"
		},
	"defaults": {
		"dataSources": {
			"ds.search": {
				"options": {
					"queryParameters": {}
				}
			}
		}
	},
	"inputs": {
		"input_2": {
			"type": "input.timerange",
			"title": "Time period",
			"options": {
				"token": "time",
				"defaultValue": "-60m@m,now"
			}
		},
		"input_hw3xXSsR": {
			"options": {
				"items": [
					{
						"label": "prod",
						"value": "_prod"
					},
					{
						"label": "ppe",
						"value": "_ppe"
					}
				],
				"token": "evn",
				"defaultValue": "_prod"
			},
			"title": "Environment",
			"type": "input.dropdown",
			"dataSources": {}
		}
	},

 

 

 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎05-10-2023 02:01 AM

@aasiaa - You can just open your search in open in search to see if the query is reflecting the index correctly or not.

Also, please try to grep for the word prod in the dashboards' source-code to confirm.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎05-09-2023 09:32 AM

@aasiaa - two questions:

  • Do you mean it gives results for prod, even when you select ppe from the dropdown?
  • Have you created the index with _prod and _ppe names?

 

0 Karma
Reply
Solved! Jump to solution

aasiaa
Path Finder
‎05-09-2023 01:04 PM

@VatsalJagani , yes, exactly that. So it returns results just for prod and my indexes are index=_prod for prod and index=_ppe for ppe;

I have created base search for prod only to start with but then replaced index with 'env' token once I added dropdown. I thought that maybe I have _prod index left somewhere else in the code, but I do not. 

Also for ppe when I run my query in separate splunk search results are 0, but I do not think that matters, it should just return 0 on the dashboard.

 

0 Karma
Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎05-10-2023 02:01 AM

@aasiaa - You can just open your search in open in search to see if the query is reflecting the index correctly or not.

Also, please try to grep for the word prod in the dashboards' source-code to confirm.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...