Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a dashboard with a drop-down form where users can select fields from a CSV file to filter search results on indexed events?

splgeek
Explorer
‎11-22-2016 11:07 AM

I have logs that have information like the following

BROWSER_TYPE
USER_NAME
IP Address

I have a CSV file that I have uploaded, given Global permission.

That CSV file contains:

FIRST_NAME  LAST_NAME   FULL_NAME   USER_ID USERNAME    EMAIL   WORKDOTCOM_USER User.Employee_Type__c   User.Group__c   DIVISION    DEPARTMENT  User.Business_Unit__c   User.Country__c PROFILE CREATED_DATE    LAST_UPDATE LAST_LOGIN

What I want to add to my Dashboard:
In My dashboard, I want to add drop-down form so user can select DIVISION, DEPARTMENT from the csv and filter data accordingly

0 Karma
Reply

sundareshr
Legend
‎11-22-2016 11:20 AM

First, create two dropdown. 1 with token="div" second with token="dept". The queries for the two should be

<input type="dropdown" token="div">
<search><query>| inputlookup csvfile.csv | fields DIVISION | dedup DIVISION | sort DIVISION</query></search>
...
</input>

<input type="dropdown" token="dept">
<search><query>| inputlookup csvfile.csv | where DIVISION=$div$ | dedup dept | field dept | sort dept</query></search>
...
</input>

Then, add a table

  <table>
    <search>
      <query>index=foo sourcetype=bar | lookup csvfile.csv USERNAME AS  USER_NAME OUTPUT DIVISION DEPARTMENT  | where DEPARTMENT=$dept$ AND DIVISION=$div$ | table <<list of fields you would like to display>> </query>
      <earliest>@d</earliest>
      <latest>now</latest>
    </search>
  </table>
0 Karma
Reply

splgeek
Explorer
‎11-22-2016 11:44 AM

Thanks
1st token Div was fine, it populated results in the dropdown

2nd token dept did not work- wont populate anything. - I tried this too | inputlookup All_Users.csv | where DEPARTMENT=$dept$ | dedup DEPARTMENT| fields DEPARTMENT| sort DEPARTMENT

also
when you say Add Table, what do you mean by that

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...