Dashboards & Visualizations

Dropdown based search panel with different types of search query

New Member

Hi Guys,
Searched alot through splunk answers for this functionality , my requirement is I got two different types of search query which need to populate on panel on the basis of dropdown selection. I have tested "savedsearch" and its working but I have further dropdown selection in both queries so dont know how that will work.

< input type="dropdown" token="report" searchWhenChanged="true">
_< label>Report Selector
_< choice value="Dev">Development
_< choice value="Prod">Production

if $report$ is Dev then exceute search query 2 ie ; index=dev_data ...
Also I got some further dropdown selection like "Linux" and "windows"

if $report$ is Prod then exceute search query 1 ie ; index=prod_data ...
Also I got some further dropdown selection like "Unix" and "Aix"

Can we build this logic in splunk xml ..? I have tried with conditional match ..any one can help pls.

0 Karma

Splunk Employee
Splunk Employee

Hi @vranjith009 - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post. If no, please leave a comment with more feedback. Thanks.

0 Karma

Legend

Try this

 <form>
   <label>Change SPL Dashboard</label>
   <fieldset submitButton="false">
     <input type="dropdown" token="environment">
       <label>Environment</label>
       <choice value="dev">Development</choice>
       <choice value="test">Test</choice>
       <choice value="prod">Production</choice>
       <selectFirstChoice>true</selectFirstChoice>
     </input>
    <input type="dropdown" token="os">
      <label>OS</label>
      <search>
        <query>| makeresults | eval x="dev,linux;dev,windows;prod,unix;prod,aix" | makemv x delim=";" | mvexpand x | rex field=x "(?<env>[^,]+),(?<os>.*)" | table env os | where env=$environment$</query>
        <earliest>@d</earliest>
        <latest>now</latest>
      </search>
      <fieldForLabel>os</fieldForLabel>
      <fieldForValue>os</fieldForValue>
    </input>
    </fieldset>

   <row>
     <panel>
       <single>
         <search>
           <query>| stats count as result | eval result = $environment|s$</query>
         </search>
       </single>
     </panel>
   </row>

    <row>
     <panel>
       <single>
         <search>
           <query>| stats count as result | eval result = $os|s$</query>
         </search>
       </single>
     </panel>
   </row>
 </form>
0 Karma

Splunk Employee
Splunk Employee

Below is an example to get you started.

The drop list value is used to set another value. Both values are reported in different single value panels to show the logic working.

<form>
  <label>Change SPL Dashboard</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="environment">
      <label>Environment</label>
      <choice value="dev">Development</choice>
      <choice value="test">Test</choice>
      <choice value="prod">Production</choice>
      <selectFirstChoice>true</selectFirstChoice>
      <change>
        <condition match="match(value,&quot;prod&quot;)">
          <set token="box">Linux</set>
        </condition>
        <condition match="match(value,&quot;dev&quot;)">
          <set token="box">Windows</set>
        </condition>
        <condition match="match(value,&quot;test&quot;)">
          <set token="box">Mac</set>
        </condition>
      </change>
    </input>
  </fieldset>

  <init>
    <set token="environment">dev</set>
    <set token="box">Windows</set>
  </init>

  <row>
    <panel>
      <single>
        <search>
          <query>| stats count as result | eval result = $environment|s$</query>
        </search>
      </single>
    </panel>
  </row>

   <row>
    <panel>
      <single>
        <search>
          <query>| stats count as result | eval result = $box|s$</query>
        </search>
      </single>
    </panel>
  </row>
</form>
0 Karma

New Member

Hi Msivill,

Thanks for the solution. My exact requirement was to provide second drop down option to user. I hope here you build the logic inside the query. My expectation is like there will be two drop down and on the basis of first dropdown selection, 2nd dropdown should populated automatically . like

Dropdown1 Dropdown2
Prod Unix
Linux

Dropdown1 Dropdown2
Dev Aix
Mac

Also we got two different query on the basis of first dropdown and we are expecting to get the result on same panel. If its possible please guide me.

0 Karma

Splunk Employee
Splunk Employee

Hi,

Just to clarify have I only provided one answer to your two questions?

The one that I think I have answered is changing the query based on the drop down.

Thanks

Mark

0 Karma

New Member

eg : If user selects Prod ..there should be only two options available to users on second dropdown ie Unix and linux.
If he choose Dev -- then only remaining two ie Aix and Mac

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!