Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ExtendedFieldSearch, intentions, and radio buttons

cphair
Builder
‎08-30-2012 02:09 PM

Is it possible to use ExtendedFieldSearch with a radio button rather than a text field? I want to toggle my dashboard between searching all hours and only searching business hours (date_hour >8 AND date_hour <18). I think I need a stringreplace, given the complexity of the substituted text, but I want to have a radio button (or a dropdown) to toggle between those choices, rather than making the user type this into a freeform text box. If it is possible, what is the syntax?

Sorry if this is covered somewhere, but the intention documentation is rather spotty and I couldn't find a similar example in ui_examples.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎08-30-2012 10:34 PM

You can use the StaticRadio module, along with a ConvertToIntention module below that. Use the ConvertToIntention just like you'd use it with StaticSelect. Of course you could use the StaticSelect module as well.

Another option is to use Sideview Utils, which gives you a Checkbox module, and that might be the best option here. You don't have to use intentions so that makes it a lot simpler, and the Checkbox module is dead easy to use. All in all it's probably considerably less than half of the XML you'd need for StaticRadio + ConvertToIntention + HiddenSearch.

<module name="Checkbox">
  <param name="name">onlySearchBusinessHours</param>
  <param name="label">Only search during business hours</param>
  <param name="onValue">date_hour&gt;8 date_hour&lt;18</param>

  <module name="Search">
    <param name="search">foo bar $onlySearchBusinessHours$ | top host</param>

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎08-30-2012 10:34 PM

You can use the StaticRadio module, along with a ConvertToIntention module below that. Use the ConvertToIntention just like you'd use it with StaticSelect. Of course you could use the StaticSelect module as well.

Another option is to use Sideview Utils, which gives you a Checkbox module, and that might be the best option here. You don't have to use intentions so that makes it a lot simpler, and the Checkbox module is dead easy to use. All in all it's probably considerably less than half of the XML you'd need for StaticRadio + ConvertToIntention + HiddenSearch.

<module name="Checkbox">
  <param name="name">onlySearchBusinessHours</param>
  <param name="label">Only search during business hours</param>
  <param name="onValue">date_hour&gt;8 date_hour&lt;18</param>

  <module name="Search">
    <param name="search">foo bar $onlySearchBusinessHours$ | top host</param>
Reply
Solved! Jump to solution

cphair
Builder
‎08-31-2012 12:34 PM

Unfortunately Sideview isn't an option for this particular dashboard. I was having trouble just trying to deduce the proper Advanced XML syntax for intentions from the scattered examples--to further confuse matters, the radio was nested under an existing ExtendedFieldSearch, which doesn't use ConvertToIntention, so I was confused where everything was supposed to go. Maybe I'll post a separate what-I-learned. Anyway, the staticradio-converttointention sequence worked (eventually). Thanks.

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎08-31-2012 09:46 AM

I updated my example to escape the > and < characters. Sorry if you tried to use it and the view didn't load. Also I removed the AND and parentheses because consecutive search terms are automatically AND'ed in splunk.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...