Dashboards & Visualizations

Hi. I have a requirement where I have to build a custom Form on top of the Splunk. And I want this form data to be the input for Splunk. Is that possible with the Splunk? If so, can someone provide me the details regarding this.

madhavi24
New Member

Hi. I have a requirement where I have to build a custom Form on top of the Splunk. And I want this form data to be the input for Splunk. Is that possible with the Splunk? If so, can someone provide me the details regarding this.

Tags (1)
0 Karma

Raghav2384
Motivator

Adding a little to the wise words from @alacercogitatus, there are quite a few ways to this.

OP might have found a solution already. If anyone still stuck on this, below is one of the many ways to do it

  1. Have Tokens for your form Elements
  2. Anything user enters is stored in Token
  3. You can get really creative and do a search as

|makeresults
|eval Input1 = $token1$
|eval Input2 = $token2$
|eval Input3 = $token3$
|collect index= host= sourcetype=

All of these are part of core Splunk, no custom code. Read more about collect command here
https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/SearchReference/Collect

Hope this helps!

Thanks,
Raghav

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

the Splunk is near. the Splunk is sentient. the Splunk sees all, knows all, indexes all. the Splunk knows you, before you know you. Splunk has its APIs, they know more, before you know more. They are contained within: http://dev.splunk.com/view/sdks/SP-CAAADP7. Use the SDKs, and knowledge shall be transformed for you. Build your form, in the language that pleases you. Manipulate the data, send it to the Splunk, it shall consume your request, think upon it, and return results of wisdom. Your form displays the wisdom for all to see!

MarioM
Motivator

sorry but this is not clear what you looking to do... is it a form based on data indexed in splunk using splunk ui or is it your own application with a custom form querying Splunk ?

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...