Hi,
I made a simple form search like showed in the Splunk documentation (http://docs.splunk.com/Documentation/Splunk/latest/Developer/Step1CreateAForm).
Is it possible to fetch the results from this search and render it without using the
For example, is it possible to do something like IP Address $src_ip$ is binded with MAC Address $src_mac$
Thanks!
Regards, Stefan
Thanks for your reply. At then end I used Sideview Utils to extract the results.
<view autoCancelInterval="90" isVisible="true" onunloadCancelJobs="true" template="dashboard.html" isSticky="False">
<label>IP / MAC</label>
<module name="AccountBar" layoutPanel="appHeader" />
<module name="AppBar" layoutPanel="appHeader" />
<module name="SideviewUtils" layoutPanel="appHeader" />
<module name="HTML" layoutPanel="viewHeader">
<param name="html"><![CDATA[
<h1>Lookup IP and MAC addresses</h1>
]]></param>
</module>
<module name="TextField" layoutPanel="panel_row1_col1" autoRun="False">
<param name="name">selectedReport</param>
<param name="label">Lookup IP/MAC</param>
<module name="Search" layoutPanel="panel_row2_col1" group="Device information">
<param name="search">sourcetype=DHCP_Log AND (src_ip = $selectedReport$ AND src_mac != '') OR (src_ip != '' AND src_mac = $selectedReport$) | head 1</param>
<param name="earliest">-120min</param>
<module name="HTML">
<param name="html"><![CDATA[
<div>IP Address: $results[0].src_ip$<br />
MAC Address: $results[0].src_mac$<br />
</div>
]]></param>
</module>
</module>
</module>
Not to my knowledge, but what you can do is eval
a field to contain the text that you want. Like:
sourcetype="DHCP_Log" AND src_ip = $src_ip$ AND src_mac != '' | sort -_time | head 1 | eval msg="IP Address ".src_ip." is binded with MAC Address ".src_mac | fields msg