Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Cannot create static or dynamic dropdowns for this...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
Since I'm a very recent Splunk user I found problems creating dropdowns for my dashboard compiling the Google bot hits to our domains
The data I want to get is coming from the search bellow, I'm interested in getting an area chart but being able also to filter with the dropdown each one of the host_names (domains of my company)
index=x_com_app user_agent = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" OR user_agent="Googlebot-Image/1.0" OR user_agent="Googlebot/2.1 (+http://www.google.com/bot.html)" OR user_agent = "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" host_name="www.x.com" OR host_name="www.x.com.cn" OR host_name="www.x.co.jp"| timechart span=1d count by host_name limit=10
Hope you can help me and thanks a lot in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi andreshuexes,
you have to create a simple search with the list of the host_names, something like this:
index=x_com_app
| dudup host_names
| sort host_names
| table host_names
so you can create your dropdown list:
<form>
<label>test</label>
<fieldset submitButton="false">
<input type="dropdown" token="host_names">
<label>host_names</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>host_names</fieldForLabel>
<fieldForValue>host_names</fieldForValue>
<search>
<query>index=x_com_app
| dudup host_names
| sort host_names
| table host_names
</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
</search>
<prefix>host_names="</prefix>
<suffix>"</suffix>
</input>
</fieldset>
<row>
<panel>
<event>
<search>
<query>
index=x_com_app user_agent = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" OR user_agent="Googlebot-Image/1.0" OR user_agent="Googlebot/2.1 (+http://www.google.com/bot.html)" OR user_agent = "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" $host_name$
| timechart span=1d count by host_name limit=10
</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="list.drilldown">none</option>
<option name="list.wrap">1</option>
<option name="maxLines">5</option>
<option name="raw.drilldown">full</option>
<option name="rowNumbers">0</option>
<option name="table.drilldown">all</option>
<option name="table.sortDirection">asc</option>
<option name="table.wrap">1</option>
<option name="type">list</option>
</event>
</panel>
</row>
</form>
This is an example using search panel but you can use also other graphic panels.
In addition, instead of a dropdown menu, you could also use multiple choice inputs.
You can find useful examples in Splunk Dashboard Examples App ( https://splunkbase.splunk.com/app/1603/ ).
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi andreshuexes,
you have to create a simple search with the list of the host_names, something like this:
index=x_com_app
| dudup host_names
| sort host_names
| table host_names
so you can create your dropdown list:
<form>
<label>test</label>
<fieldset submitButton="false">
<input type="dropdown" token="host_names">
<label>host_names</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>host_names</fieldForLabel>
<fieldForValue>host_names</fieldForValue>
<search>
<query>index=x_com_app
| dudup host_names
| sort host_names
| table host_names
</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
</search>
<prefix>host_names="</prefix>
<suffix>"</suffix>
</input>
</fieldset>
<row>
<panel>
<event>
<search>
<query>
index=x_com_app user_agent = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" OR user_agent="Googlebot-Image/1.0" OR user_agent="Googlebot/2.1 (+http://www.google.com/bot.html)" OR user_agent = "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" $host_name$
| timechart span=1d count by host_name limit=10
</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="list.drilldown">none</option>
<option name="list.wrap">1</option>
<option name="maxLines">5</option>
<option name="raw.drilldown">full</option>
<option name="rowNumbers">0</option>
<option name="table.drilldown">all</option>
<option name="table.sortDirection">asc</option>
<option name="table.wrap">1</option>
<option name="type">list</option>
</event>
</panel>
</row>
</form>
This is an example using search panel but you can use also other graphic panels.
In addition, instead of a dropdown menu, you could also use multiple choice inputs.
You can find useful examples in Splunk Dashboard Examples App ( https://splunkbase.splunk.com/app/1603/ ).
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Giusseppe,
Firstly thanks a lot for your reply, it worked, the dropdown is working!!
The only thing I cannot do is creating an area chart linked to the dropdown
Should I created a new search or is there a way to link the chart back?
Thanks again
Andres
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi andreshuexes,
what do you mean with "creating an area chart linked to the dropdown"?
You can create a chart in a panel that uses the drilldown as a filter using a token (in your example $host_name$), why you don't reach to do this?
Go in [Edit -- UI -- Select Visualization] and modify your visualization.
Beware that to do this you must have (as in your example) only streaming commands as stats, timechart or chart.
If this answer solved your problem, please, accept and/or upvote it.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Guisseppe,
Exactly changing the visualization, I was playing around and seems to be okay
Thanks a lot!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Event Series: Telemetry Pipeline Management
Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...
Deep insights, no barriers: Splunk Observability Cloud Free Edition
