Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you connected static drop-down to table

fabiyogo1
Loves-to-Learn Lots
‎03-26-2025 08:47 PM

I have a problem with the splunk classic dashboard that I have created,
where the problem is that the table dashboard that I have created is not connected properly to the dropdown that I have created, as an example I provide the source of the dashboard that I have created as follows:

<input type="text" token="end_id" searchWhenChanged="true">
<label>End To End Id</label>
<default>*</default>
</input>

<input type="dropdown" token="code_cihub">
<label>Code Transaction CI HUB</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>code_cihub</fieldForLabel>
<fieldForValue>code_cihub</fieldForValue>
<search>
<query>index="x"
| where isnotnull(StatusTransactionBI)
| eval "Status Transaction CI HUB" = if(StatusTransactionBI == "U000", "Success", "Failed")
| lookup statust_description.csv code as StatusTransactionBI OUTPUT description
| rename EndtoendIdOrgnlBI as "End To End Id", StatusTransactionBI as "Code Transaction CI HUB", description as "Description CI HUB"
| dedup "End To End Id"
| join type=outer "End To End Id"
[search index="x"
| where isnotnull(StatusTransactionOrgnl)
| eval "Info Transaction CI HUB"=case(AddtionalOrgnl == "O 123", "Normal Transaction",
AddtionalOrgnl == "O 70", "Velocity Transaction",
AddtionalOrgnl == "O 71", "Gambling RFI",
AddtionalOrgnl == "O 72", "Gambling OFI",
AddtionalOrgnl == "O 73", "DTTOT Transaction",
true(), "Other"
)
| rename EndtoendIdOrgnl as "End To End Id"
| search "Info Transaction CI HUB"="$info$"
]
| search "End To End Id"="$end_id$" "Status Transaction CI HUB"="$status_cihub$"
| stats count by "Code Transaction CI HUB"
| rename "Code Transaction CI HUB" as code_cihub</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
</input>

<input type="dropdown" token="info">
<label>Info Transaction CI HUB</label>
<choice value="*">All</choice>
<choice value="O 70">Velocity Transaction</choice>
<choice value="O 71">Gambling RFI</choice>
<choice value="O 72">Gambling OFI</choice>
<choice value="O 73">DTTOT Transaction</choice>
<default>*</default>
<fieldForLabel>info</fieldForLabel>
<fieldForValue>info</fieldForValue>
<search>
<query>index="x"
| where isnotnull(StatusTransactionBI)
| eval "Status Transaction CI HUB" = if(StatusTransactionBI == "U000", "Success", "Failed")
| lookup statust_description.csv code as StatusTransactionBI OUTPUT description
| rename EndtoendIdOrgnlBI as "End To End Id", StatusTransactionBI as "Code Transaction CI HUB", description as "Description CI HUB"
| dedup "End To End Id"
| join type=outer "End To End Id"
[search index="x"
| where isnotnull(StatusTransactionOrgnl)
| eval "Info Transaction CI HUB"=case(AddtionalOrgnl == "O 123", "Normal Transaction",
AddtionalOrgnl == "O 70", "Velocity Transaction",
AddtionalOrgnl == "O 71", "Gambling RFI",
AddtionalOrgnl == "O 72", "Gambling OFI",
AddtionalOrgnl == "O 73", "DTTOT Transaction",
true(), "Other"
)
| rename EndtoendIdOrgnl as "End To End Id"
]
| search "End To End Id"="$end_id$" "Status Transaction CI HUB"="$status_cihub$"
| stats count by "Info Transaction CI HUB"
| rename "Info Transaction CI HUB" as info</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
</input>

<input type="dropdown" token="status_cihub">
<label>Status Transaction CI HUB</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>status_cihub</fieldForLabel>
<fieldForValue>status_cihub</fieldForValue>
<search>
<query>index="x"
| where isnotnull(StatusTransactionBI)
| eval "Status Transaction CI HUB" = if(StatusTransactionBI == "U000", "Success", "Failed")
| lookup statust_description.csv code as StatusTransactionBI OUTPUT description
| rename EndtoendIdOrgnlBI as "End To End Id", StatusTransactionBI as "Code Transaction CI HUB", description as "Description CI HUB"
| dedup "End To End Id"
| join type=outer "End To End Id"
[search index="x"
| where isnotnull(StatusTransactionOrgnl)
| eval "Info Transaction CI HUB"=case(AddtionalOrgnl == "O 123", "Normal Transaction",
AddtionalOrgnl == "O 70", "Velocity Transaction",
AddtionalOrgnl == "O 71", "Gambling RFI",
AddtionalOrgnl == "O 72", "Gambling OFI",
AddtionalOrgnl == "O 73", "DTTOT Transaction",
true(), "Other"
)
| rename EndtoendIdOrgnl as "End To End Id"
| search "Info Transaction CI HUB"="$info$"
]
| search "End To End Id"="$end_id$" "Code Transaction CI HUB"="$code_cihub$"
| stats count by "Status Transaction CI HUB"
| rename "Status Transaction CI HUB" as status_cihub</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
</input>

<row>
<panel>
<table>
<title>Monitoring Response</title>
<search>
<query>index="x"
| where isnotnull(StatusTransactionBI)
| eval "Status Transaction CI HUB" = if(StatusTransactionBI == "U000", "Success", "Failed")
| lookup statust_description.csv code as StatusTransactionBI OUTPUT description
| rename EndtoendIdOrgnlBI as "End To End Id", StatusTransactionBI as "Code Transaction CI HUB", description as "Description CI HUB"
| dedup "End To End Id"
| join type=outer "End To End Id"
[search index="x"
| where isnotnull(StatusTransactionOrgnl)
| eval "Info Transaction CI HUB"=case(AddtionalOrgnl == "O 123", "Normal Transaction",
AddtionalOrgnl == "O 70", "Velocity Transaction",
AddtionalOrgnl == "O 71", "Gambling RFI",
AddtionalOrgnl == "O 72", "Gambling OFI",
AddtionalOrgnl == "O 73", "DTTOT Transaction",
true(), "Other"
)
| rename EndtoendIdOrgnl as "End To End Id"
| search "Info Transaction CI HUB"="$info$"
]
| search "End To End Id"="$end_id$" "Code Transaction CI HUB"="$code_cihub$" "Status Transaction CI HUB"="$status_cihub$"
| table _time, "End To End Id", "Code Transaction CI HUB", "Info Transaction CI HUB", "Status Transaction CI HUB", "Description CI HUB"
| sort - _time</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
</table>
</panel>
</row>

the main problem I'm facing is, on the “Info Transaction CI HUB” dropdown that I made static, where if I select one of the values, the contents in the “Monitoring Response” table do not change according to the dropdown value of “Info Transaction CI HUB” that I have selected before.

please help me to solve the problem
Thank you

Labels (2)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-27-2025 02:58 AM

Your info token equates to a short code yet your search is converting the code to a friendlier term before you search, could this be why your search is not working?

| eval "Info Transaction CI HUB"=case(AddtionalOrgnl == "O 123", "Normal Transaction",
AddtionalOrgnl == "O 70", "Velocity Transaction",
AddtionalOrgnl == "O 71", "Gambling RFI",
AddtionalOrgnl == "O 72", "Gambling OFI",
AddtionalOrgnl == "O 73", "DTTOT Transaction",
true(), "Other"
)
| rename EndtoendIdOrgnl as "End To End Id"
| search "Info Transaction CI HUB"="$info$"
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...