Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to build a dashboard with different input types to generate the results of a report?

qxu5715
Explorer
‎05-28-2018 05:57 AM

Hello Community,

I'm sorry if this question has already been asked, but I'm still a newbie in Splunk so please be gentle with me 🙂
In this case, u can just link the relevant question/answer.

I want to build a Dashboard with different Input types, that is generating the results of a report. I already know, that this is quite simple with an inline search, but I want to use the Dashboard explicitly with a report/savedsearch.

To sum up: I wanna have a Dashboard, where u can use a text input/radio buttons etc. to let the report know, what it has to search for.

The idea is that I wanna build a couple of Reports that are implemented in a few different Dashboards. If I should change sth. in one of those reports, the changes shall affect the Dashboards as well, so that I don't have to make all these changes for every single Dashboard.

I hope my problem gets clear.

Thanks and Regards

0 Karma
Reply

niketn
Legend
‎05-28-2018 08:55 AM

@qxu5715, you can refer to following documentation to add a Saved Search (Report) as a panel in Dashboard.

Another option for you would be to use Saved Search command for the report inside dashboard <search><query> to get the results. With the savedsearch, you can pipe in your own filters on the existing search.

Ideally you would use Schedule a Saved Search and use that in your Dashboard Panel so that results from previous run of scheduled search is loaded on your dashboard and each time a user opens the dashboard/refreshes a new search is not executed. Refer to Splunk Documentation on Performance/Access considerations for using Reports in Dashboard

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

qxu5715
Explorer
‎05-29-2018 07:44 AM

@niketn,

I've already tried it with a savedsearch, but either nothing happened or the error "Could not find variable in the argument map" occured.
I've tried several opportunities like:

|savedsearch testsavedsearch |where Value_in_Report=$Token_Name$
|savedsearch testsavedsearch |search Value_in_Report=$Token_Name$
|savedsearch testsavedsearch Value_in_Report=$Token_Name$

Furthermore I've tried it with a report, where the token is also implemented:

index=main sourcetype=test Value_in_Report=$Token_Name$ |timechart ....

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎05-28-2018 06:40 AM

Check out this app. It has tons of examples of how to use tokens. If you do all the exercises, you will vastly increase your dashboarding knowledge

https://splunkbase.splunk.com/app/1603/

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...