Dashboards & Visualizations

How to have dynamic values in dropdown from a column in csv ?

himanibabbar
Engager

I am very new to splunk, so I have a csv which which i want to show as a table in splunk and i did it using the table command, now i want to have a dropdown based on IDs column and when someone select any ID value from dropdown table should only show the selected ID rows.

Secondly i want to change the color of the GAC_percent column cells based on their value such as if GAC_percent > 90.00% , cell color should be green.  Any help is much appreciated. Thanks 

IDsDropFeatures
GAC_percent
GAC 
A200411 P, 1 B for 2004 Trend97.51%g
A200311 P, 1 B for 2003 Trend88.00%y
B200312 P, 10B for 2003 Trend 89.00%y
B20043 P, 2 B for 20Q4 Trend 97.51%g

 

Labels (1)
0 Karma

to4kawa
Ultra Champion

sample:

 

<form>
  <label>sample table fm CSV</label>
        <search id="base">
        <query>| makeresults 
| eval _raw="IDs,Drop,Features,GAC_percent,GAC
A,2004,11 P# 1 B for 2004 Trend,97.51%,g
A,2003,11 P# 1 B for 2003 Trend,88.00%,y
B,2003,12 P# 10B for 2003 Trend,89.00%,y
B,2004,3 P# 2 B for 20Q4 Trend,97.51%,g"
| multikv forceheader=1
| table IDs,Drop,Features,GAC_percent,GAC</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
  <fieldset submitButton="false">
    <input type="dropdown" token="ID_token">
      <label>IDs</label>
      <fieldForLabel>IDs</fieldForLabel>
      <fieldForValue>IDs</fieldForValue>
      <search base="base">
        <query>| dedup IDs</query>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search base="base">
          <query>| eval Features=replace(Features,"#",",")
| eval GAC_percent=rtrim(GAC_percent,"%")
| search IDs=$ID_token$</query>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
        <format type="number" field="GAC_percent">
          <option name="unit">%</option>
        </format>
        <format type="color" field="GAC_percent">
          <colorPalette type="list">[#53A051,#DC4E41]</colorPalette>
          <scale type="threshold">90</scale>
        </format>
      </table>
    </panel>
  </row>
</form>

 

Please use following:

 

        <search id="base">
        <query>| inputlookup your_csv
| table IDs,Drop,Features,GAC_percent,GAC</query>

 

 

 

himanibabbar
Engager

hi really thanks for the help but i am not sure about the inputllookup how i am getting data is

index ="abc" source ="aa"|table "IDs",... so on

can u help now? Thanks

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...