Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to create a dashboard with a drop-down populated with extracted field headers from a CSV file?

cdstealer
Contributor
‎03-05-2015 03:52 AM

Hi,

I have imported a CSV file which has auto extracted the column heading and values 🙂 The task I have now is to create a dashboard where the user can select the time period (done) and then select the the field header they are interested in. Is this possible and how do I get the extracted headers into the drop-down?

Cheers

Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎03-08-2015 01:37 PM

You just want the CSV header names (e.g. field1, field2) into the dropdown? If yes try below query:

<form>
   <fieldset>
     <input type="time" token="field1">
       <label></label>
       <default>
         <earliest>0</earliest>
         <latest></latest>
       </default>
     </input>
     <input type="dropdown">
       <search>
         <query>index=storage_csv sourcetype=storage_csv | head 1 | transpose | fields column | search column=CLASS* </query>
           <earliest>$field1.earliest$</earliest>
           <latest>$field1.latest$</latest>
       </search>
<fieldForLabel>column</fieldForLabel>
   <fieldForValue>column</fieldForValue>
     </input>
   </fieldset>
 </form>

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎03-08-2015 01:37 PM

You just want the CSV header names (e.g. field1, field2) into the dropdown? If yes try below query:

<form>
   <fieldset>
     <input type="time" token="field1">
       <label></label>
       <default>
         <earliest>0</earliest>
         <latest></latest>
       </default>
     </input>
     <input type="dropdown">
       <search>
         <query>index=storage_csv sourcetype=storage_csv | head 1 | transpose | fields column | search column=CLASS* </query>
           <earliest>$field1.earliest$</earliest>
           <latest>$field1.latest$</latest>
       </search>
<fieldForLabel>column</fieldForLabel>
   <fieldForValue>column</fieldForValue>
     </input>
   </fieldset>
 </form>
Reply
Solved! Jump to solution

cdstealer
Contributor
‎03-09-2015 12:30 AM

somesoni2.. you sir, are a life saver! Thank you very very much 🙂

Reply
Solved! Jump to solution

muebel
SplunkTrust
SplunkTrust
‎03-06-2015 06:32 PM

Seems like you will want to setup a Form with with dropdown fieldset:

<form>
  <fieldset>
    <input type="dropdown">
      <search>
        <query>source=csv | fields field1,field2</query>
      </search>
    </input>
  </fieldset>
</form>

Something like this will populate a dropdown with the results from the search you specify.

0 Karma
Reply
Solved! Jump to solution

cdstealer
Contributor
‎03-06-2015 10:06 PM

Hi Muebel,
Thanks for the reply.. unfortunately I've already done that (kind of).. Specifying individual fields is not realistic due to the amount of them. The query I used is index=storage_csv sourcetype=storage_csv | fields "CLASS*" but it complains of "duplicate labels" of which there are none. This is a very basic XML that I've used:

<form>
  <fieldset>
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
    </input>
    <input type="dropdown">
      <search>
        <query>index=storage_csv sourcetype=storage_csv | fields "CLASS*"</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
      </search>
    </input>
  </fieldset>
</form>

Running the query manually returns the fields as expected.

0 Karma
Reply
Solved! Jump to solution

saura1312
Engager
‎11-21-2016 12:17 AM

Where do i keep this XMLs? please explain in detail

0 Karma
Reply
Solved! Jump to solution

muebel
SplunkTrust
SplunkTrust
‎03-07-2015 01:14 AM

Ah, I left a bit out. You will need to add a couple more elements to the dropdown input:

  <fieldForLabel>CLASS</fieldForLabel>
  <fieldForValue>CLASS</fieldForValue>
0 Karma
Reply
Solved! Jump to solution

cdstealer
Contributor
‎03-07-2015 03:22 AM

Hi Muebel,
Thanks again.. unfortunately I still get the "Duplicate labels" error. I ran the query index=storage_csv sourcetype=storage_csv | transpose | rename column as class | sort -class to ensure there were no duplicates being returned. Which of course there aren't. I am utterly stuck on this one 😞

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...