Dashboards & Visualizations

How can I create a field picker for custom fields in a dashboard

shacharz
Explorer

Just like the time picker in dashboard, I have many panels that are all using a certain field e.g: customerId="..."
And I want to easily filter customers with such a field picker, instead of changing all the search strings in all the panels

0 Karma
1 Solution

Raghav2384
Motivator
Have you considered using a form element?
Example: customerid would be a drop down with all the ids.

Step1: edit xml
Step2: replace <dashboard> & </dashboard> with <form> and </form>
Step3: After label tag insert something like
<fieldset>
<input type="dropdown" token="customerid" searchWhenChanged="false">
<choice value="*"> All</choice>
<default>All</default>
<populatingSearch fieldForValue="customerid" fieldForLabel="customerid">base search...|top 50 customerid</populatingSearch>
</fieldset>
make a token reference in your panel searches 
ex: 
<chart>
<search>
<query>

....base search customerid="$customerid$"|stats count as Purchases 
</query>
</search>
</chart>

search for simple xml forms and that will provide you more examples. Hope this helps
thanks
Raghav

View solution in original post

Raghav2384
Motivator
Have you considered using a form element?
Example: customerid would be a drop down with all the ids.

Step1: edit xml
Step2: replace <dashboard> & </dashboard> with <form> and </form>
Step3: After label tag insert something like
<fieldset>
<input type="dropdown" token="customerid" searchWhenChanged="false">
<choice value="*"> All</choice>
<default>All</default>
<populatingSearch fieldForValue="customerid" fieldForLabel="customerid">base search...|top 50 customerid</populatingSearch>
</fieldset>
make a token reference in your panel searches 
ex: 
<chart>
<search>
<query>

....base search customerid="$customerid$"|stats count as Purchases 
</query>
</search>
</chart>

search for simple xml forms and that will provide you more examples. Hope this helps
thanks
Raghav
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...