Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Dropdown based search panel with different types of search query

vranjith009
New Member
‎09-28-2016 11:48 PM

Hi Guys,
Searched alot through splunk answers for this functionality , my requirement is I got two different types of search query which need to populate on panel on the basis of dropdown selection. I have tested "savedsearch" and its working but I have further dropdown selection in both queries so dont know how that will work.

< input type="dropdown" token="report" searchWhenChanged="true">
_< label>Report Selector
_< choice value="Dev">Development
_< choice value="Prod">Production

if $report$ is Dev then exceute search query 2 ie ; index=dev_data ...
Also I got some further dropdown selection like "Linux" and "windows"

if $report$ is Prod then exceute search query 1 ie ; index=prod_data ...
Also I got some further dropdown selection like "Unix" and "Aix"

Can we build this logic in splunk xml ..? I have tried with conditional match ..any one can help pls.

0 Karma
Reply

aaraneta_splunk
Splunk Employee
Splunk Employee
‎12-01-2016 07:11 PM

Hi @vranjith009 - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post. If no, please leave a comment with more feedback. Thanks.

0 Karma
Reply

sundareshr
Legend
‎10-06-2016 06:58 AM

Try this

 <form>
   <label>Change SPL Dashboard</label>
   <fieldset submitButton="false">
     <input type="dropdown" token="environment">
       <label>Environment</label>
       <choice value="dev">Development</choice>
       <choice value="test">Test</choice>
       <choice value="prod">Production</choice>
       <selectFirstChoice>true</selectFirstChoice>
     </input>
    <input type="dropdown" token="os">
      <label>OS</label>
      <search>
        <query>| makeresults | eval x="dev,linux;dev,windows;prod,unix;prod,aix" | makemv x delim=";" | mvexpand x | rex field=x "(?<env>[^,]+),(?<os>.*)" | table env os | where env=$environment$</query>
        <earliest>@d</earliest>
        <latest>now</latest>
      </search>
      <fieldForLabel>os</fieldForLabel>
      <fieldForValue>os</fieldForValue>
    </input>
    </fieldset>

   <row>
     <panel>
       <single>
         <search>
           <query>| stats count as result | eval result = $environment|s$</query>
         </search>
       </single>
     </panel>
   </row>

    <row>
     <panel>
       <single>
         <search>
           <query>| stats count as result | eval result = $os|s$</query>
         </search>
       </single>
     </panel>
   </row>
 </form>
0 Karma
Reply

msivill_splunk
Splunk Employee
Splunk Employee
‎09-29-2016 09:22 AM

Below is an example to get you started.

The drop list value is used to set another value. Both values are reported in different single value panels to show the logic working.

<form>
  <label>Change SPL Dashboard</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="environment">
      <label>Environment</label>
      <choice value="dev">Development</choice>
      <choice value="test">Test</choice>
      <choice value="prod">Production</choice>
      <selectFirstChoice>true</selectFirstChoice>
      <change>
        <condition match="match(value,&quot;prod&quot;)">
          <set token="box">Linux</set>
        </condition>
        <condition match="match(value,&quot;dev&quot;)">
          <set token="box">Windows</set>
        </condition>
        <condition match="match(value,&quot;test&quot;)">
          <set token="box">Mac</set>
        </condition>
      </change>
    </input>
  </fieldset>

  <init>
    <set token="environment">dev</set>
    <set token="box">Windows</set>
  </init>

  <row>
    <panel>
      <single>
        <search>
          <query>| stats count as result | eval result = $environment|s$</query>
        </search>
      </single>
    </panel>
  </row>

   <row>
    <panel>
      <single>
        <search>
          <query>| stats count as result | eval result = $box|s$</query>
        </search>
      </single>
    </panel>
  </row>
</form>
0 Karma
Reply

vranjith009
New Member
‎10-04-2016 04:15 AM

Hi Msivill,

Thanks for the solution. My exact requirement was to provide second drop down option to user. I hope here you build the logic inside the query. My expectation is like there will be two drop down and on the basis of first dropdown selection, 2nd dropdown should populated automatically . like

Dropdown1 Dropdown2
Prod Unix
Linux

Dropdown1 Dropdown2
Dev Aix
Mac

Also we got two different query on the basis of first dropdown and we are expecting to get the result on same panel. If its possible please guide me.

0 Karma
Reply

msivill_splunk
Splunk Employee
Splunk Employee
‎10-06-2016 05:48 AM

Hi,

Just to clarify have I only provided one answer to your two questions?

The one that I think I have answered is changing the query based on the drop down.

Thanks

Mark

0 Karma
Reply

vranjith009
New Member
‎10-04-2016 04:18 AM

eg : If user selects Prod ..there should be only two options available to users on second dropdown ie Unix and linux.
If he choose Dev -- then only remaining two ie Aix and Mac

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...