How to create a dashboard with a drop-down form wh...

splgeek · ‎11-22-2016

I have logs that have information like the following

BROWSER_TYPE
USER_NAME
IP Address

I have a CSV file that I have uploaded, given Global permission.

That CSV file contains:

FIRST_NAME  LAST_NAME   FULL_NAME   USER_ID USERNAME    EMAIL   WORKDOTCOM_USER User.Employee_Type__c   User.Group__c   DIVISION    DEPARTMENT  User.Business_Unit__c   User.Country__c PROFILE CREATED_DATE    LAST_UPDATE LAST_LOGIN

What I want to add to my Dashboard:
In My dashboard, I want to add drop-down form so user can select DIVISION, DEPARTMENT from the csv and filter data accordingly

sundareshr · ‎11-22-2016

First, create two dropdown. 1 with token="div" second with token="dept". The queries for the two should be

<input type="dropdown" token="div">
<search><query>| inputlookup csvfile.csv | fields DIVISION | dedup DIVISION | sort DIVISION</query></search>
...
</input>

<input type="dropdown" token="dept">
<search><query>| inputlookup csvfile.csv | where DIVISION=$div$ | dedup dept | field dept | sort dept</query></search>
...
</input>

Then, add a table

  <table>
    <search>
      <query>index=foo sourcetype=bar | lookup csvfile.csv USERNAME AS  USER_NAME OUTPUT DIVISION DEPARTMENT  | where DEPARTMENT=$dept$ AND DIVISION=$div$ | table <<list of fields you would like to display>> </query>
      <earliest>@d</earliest>
      <latest>now</latest>
    </search>
  </table>

splgeek · ‎11-22-2016

Thanks
1st token Div was fine, it populated results in the dropdown

also
when you say Add Table, what do you mean by that

How to create a dashboard with a drop-down form where users can select fields from a CSV file to filter search results on indexed events?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!