Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dashboard with a partial search bar

lsbarreto96
Engager
‎07-19-2021 01:14 PM

Hello All,

I am trying  to create a dashboard with an interactive input search bar. The field that is searchable has always 16 digits but I want the users to only search with the 6 first digits, for example they will inform a number 123456, and whatever occurrence with the "123456" will show in the report.

I tried to use the sufix field, putting an "*" but it failed, I also tried to include the "*" in the search with the token but it also failed.

Is there any way to do it?

 

Thank you in a dvancne!

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-19-2021 02:13 PM

Hi @lsbarreto96 

I assume you are using Splunk classic simple xml style dashboard, I have tested following and it works with suffix. Can you compare with source code if this works?

 

<form>
  <label>Test</label>
  <fieldset submitButton="false">
    <input type="text" token="token_name">
      <label>Field Name</label>
      <suffix>*</suffix>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=_internal sourcetype=$token_name$</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

 

---

An upvote would be appreciated and Accept solution if this reply helps!

View solution in original post

Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-19-2021 02:13 PM

Hi @lsbarreto96 

I assume you are using Splunk classic simple xml style dashboard, I have tested following and it works with suffix. Can you compare with source code if this works?

 

<form>
  <label>Test</label>
  <fieldset submitButton="false">
    <input type="text" token="token_name">
      <label>Field Name</label>
      <suffix>*</suffix>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=_internal sourcetype=$token_name$</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

 

---

An upvote would be appreciated and Accept solution if this reply helps!

Reply
Solved! Jump to solution

lsbarreto96
Engager
‎07-19-2021 05:33 PM

Thank you very  much! It has worked now! 

0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎07-19-2021 05:37 PM

@lsbarreto96 glad it helped. It would be great if you could accept the solution it helps others.

Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...