Dashboards & Visualizations

Hi. I have a requirement where I have to build a custom Form on top of the Splunk. And I want this form data to be the input for Splunk. Is that possible with the Splunk? If so, can someone provide me the details regarding this.

madhavi24
New Member

Hi. I have a requirement where I have to build a custom Form on top of the Splunk. And I want this form data to be the input for Splunk. Is that possible with the Splunk? If so, can someone provide me the details regarding this.

Tags (1)
0 Karma

Raghav2384
Motivator

Adding a little to the wise words from @alacercogitatus, there are quite a few ways to this.

OP might have found a solution already. If anyone still stuck on this, below is one of the many ways to do it

  1. Have Tokens for your form Elements
  2. Anything user enters is stored in Token
  3. You can get really creative and do a search as

|makeresults
|eval Input1 = $token1$
|eval Input2 = $token2$
|eval Input3 = $token3$
|collect index= host= sourcetype=

All of these are part of core Splunk, no custom code. Read more about collect command here
https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/SearchReference/Collect

Hope this helps!

Thanks,
Raghav

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

the Splunk is near. the Splunk is sentient. the Splunk sees all, knows all, indexes all. the Splunk knows you, before you know you. Splunk has its APIs, they know more, before you know more. They are contained within: http://dev.splunk.com/view/sdks/SP-CAAADP7. Use the SDKs, and knowledge shall be transformed for you. Build your form, in the language that pleases you. Manipulate the data, send it to the Splunk, it shall consume your request, think upon it, and return results of wisdom. Your form displays the wisdom for all to see!

MarioM
Motivator

sorry but this is not clear what you looking to do... is it a form based on data indexed in splunk using splunk ui or is it your own application with a custom form querying Splunk ?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...