Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to generate a drop-down form based on values from a lookup table?

deepthi5
Path Finder
‎07-27-2015 05:14 AM

Hi all ,

I have a search which uses a lookup datacentre.csv that has fields country start, hour, end hour, and I want to generate a drop-down list in my dashboard based on the country names present in the lookup file.

Can some one help please?

source="C:\\Budapest Router1full.csv" host="SEZ00VVM-153"   sourcetype="csv" date_wday!=saturday AND date_wday!=sunday| rex field=source "(?<country>.*?)$"| lookup datacentre.csv country OUTPUT start_hour end_hour receivebandwidth |where date_hour>=start_hour AND date_hour<= end_hour | eval Intraffic=IN/1048576 |timechart span=1h perc95(Intraffic) AS 95thPercentile ,values(receivebandwidth) as MAXIN-Bandwidth
0 Karma
Reply

somesoni2
Revered Legend
‎07-27-2015 01:27 PM

You can have following for your dropdown code in your dashboard.

<input type="dropdown" token="country" searchWhenChanged="true">
      <label>Year</label>
      <choice value="*">All</choice>
      <search>
        <query>| lookup datacentre.csv | stats count by country</query>
      </search>
      <fieldForLabel>country</fieldForLabel>
      <fieldForValue>country</fieldForValue>
      <default>*</default>
    </input>

Now change your search like this to use the token

source="C:\\Budapest Router1full.csv" host="SEZ00VVM-153"   sourcetype="csv" date_wday!=saturday AND date_wday!=sunday| rex field=source "(?<country>.*?)$" | search country="$country$"| lookup datacentre.csv country OUTPUT start_hour end_hour receivebandwidth |where date_hour>=start_hour AND date_hour<= end_hour | eval Intraffic=IN/1048576 |timechart span=1h perc95(Intraffic) AS 95thPercentile ,values(receivebandwidth) as MAXIN-Bandwidth
0 Karma
Reply

jeffland
SplunkTrust
SplunkTrust
‎07-27-2015 05:59 AM

Simply supply a search with the lookup as the search that powers the "Dynamic options" for the dropdown and select the fields for label and value appropriately.

I am sure the markup messed up your search, please post it as code and not as raw text (with the little icon above the text field for example).

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...