Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Complete search string based on a drop down

nebel
Communicator
‎08-10-2012 06:40 AM

Hi,

lets say I have a drop down with "red" and "green".
If I choose red the search should look like:

index=red | top red_user

If I chosse green the search should look like:

index=green | top green_user

Normally it is not a problem to use the token from the drop down in a search, but how can I handle it if the complete search should changing after choosing a field in the drop down?

Thank you

Regards

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎08-29-2012 10:18 AM

Create a macro for each case. In the drop-down, put the name of the macro for the value that corresponds to each choice.

The search template then could be

<searchtemplate>
    `$var$`
</searchtemplate>

That's the best that I can come up with. Plus it gives you the flexibility to change the macro without changing the dashboard.

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎08-29-2012 10:18 AM

Create a macro for each case. In the drop-down, put the name of the macro for the value that corresponds to each choice.

The search template then could be

<searchtemplate>
    `$var$`
</searchtemplate>

That's the best that I can come up with. Plus it gives you the flexibility to change the macro without changing the dashboard.

Reply
Solved! Jump to solution

nebel
Communicator
‎08-30-2012 06:53 AM

thank you very much!

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎08-10-2012 06:45 AM

The token is substituted into the search string. So if the token is $var$, you could simply put it in the search template (of the XML) as 

<searchTemplate>
    index=$var$ | top $var$_user
 </searchTemplate>

This should work...

0 Karma
Reply
Solved! Jump to solution

nebel
Communicator
‎08-29-2012 07:00 AM

does nobody know how I can change the full search string by choosing a field in a drop down?

0 Karma
Reply
Solved! Jump to solution

nebel
Communicator
‎08-10-2012 06:48 AM

Hi,

this was just an easy example, my searches are more complicated with regex and stuff. I think I have to replace the complete search based on the drop down.

Thank you

Regards

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...