Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Different query execution in Dashboard studio panel on the basis of drop down value.

Abhineet
Loves-to-Learn Everything
‎12-12-2023 03:26 AM

Hi

I want to execute different SPL query in Dashboard studio panel on the basis of dropdown value.

Drop down have two item only, if we select "Item1" in dropdown then in particular panel of Dashboard should execute "Query1" if selected "item2" in dropdown then in same panel of Dashboard studio should execute "Query2"

item1 = "Aruba NetWorks"

Item2 = "Cisco"

Query1 = index=dot1x_index sourcetype=cisco_failed_src OR sourcetype=aruba_failed_src| | eval node= if(isnotnull(node_vendor),"Cisco","Aruba NetWorks")| search node = $<dropdown token>$ | table  node_dns node_ip region

Query2 = index=dot1x_index sourcetype=cisco_failed_src OR sourcetype=aruba_failed_src| eval node= if(isnotnull(node_vendor),"Cisco","Aruba NetWorks")| search node = $<dropdown token>$ | table  Name

Kindly Guide.

Thanks

Abhineet Kumar

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎12-12-2023 04:17 AM

Try setting the value of the dropdowns to be the parts of the search which are different

label1 as Aruba NetWorks, value1 as node = "Aruba NetWorks"| table  node_dns node_ip region

label2 as Cisco, value2 as node = "Cisco"| table  Name

Then change your search to use the token like this

index=dot1x_index sourcetype=cisco_failed_src OR sourcetype=aruba_failed_src| eval node= if(isnotnull(node_vendor),"Cisco","Aruba NetWorks")| search $<dropdown token>$

0 Karma
Reply

Abhineet
Loves-to-Learn Everything
‎12-12-2023 06:07 AM

Hi Thanks for reply

We can't make changes to dropdown as dropdown fields populates from SPL query and it's uses by other panel in dashboard.

need assistance to make changes in panel SPL query itself so it pick query on the basis of dropdown field.

other if you could help me to makes changes in json code to manage both SPL query according to dropdown menu.

Thanks

Abhineet Kumar 

Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎12-12-2023 08:10 AM

I am not sure it is possible with Dashboard Studio (which I assume you are using since you mentioned JSON). With Classic / SimpleXML dashboards, you can use a change handler on the dropdown to set additional tokens based on the choice made.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...