Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to run a query multiple times depending on the token passed by radio inputs?

ny34940
Path Finder
‎02-21-2018 02:14 AM

Hi

In my dashboard I have 8 Radio Inputs and depending on the selected input one table is created. Now I want to add a ALL input option and the resulting dashboard should have 8 tables. I don't know if this is possible or not as all the radio inputs are using the same query.

The sample query is as follows. Here the token is named as "type". What I want to do is on selecting All option this code snippet runs 8 times, each time having one of the 8 values in the radio input. 

<row>
    <panel>
      <title>Table</title>
      <table><search base="base">
          <query>|eval cat="Original$pan$"
            |stats count(eval($type$ = "car")) as Car count(eval($type$="bike")) as Bike count(eval($type$="train")) as Train by cat month
            |eval Tot= Car + Bike + Train
            |eval Car%= if(Tot>0,round((Car/Tot)*100,0),"0")."%(".Car.")"
            |eval Bike%= if(Tot>0,round((Bike/Tot)*100,0),"0")."%(".Bike.")"
            |eval Train%= if(Tot>0,round((Train/Tot)*100,0),"0")."%(".Train.")"
            |chart values(Car%) values( Bike%)  values( Train%) by cat month
            </query>
        </search>
      </table>
    </panel>
  </row>

Thanks in advance!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎02-21-2018 08:33 AM

You can have eight tables on your dashboard, each with their own depends attribute, and make them visible depending on values set by the dropdown in <change> events. Something like this:

<fieldset submitButton="false">
  <input type="radio" token="unused">
    <label>field1</label>
    <choice value="a">A</choice>
    <choice value="b">B</choice>
    <choice value="all">All</choice>
    <change>
      <condition value="a">
        <set token="table_1">table 1 only</set>
        <unset token="table_2"></unset>
      </condition>
      <condition value="b">
        <unset token="table_1"></unset>
        <set token="table_2">table 2 only</set>
      </condition>
      <condition value="all">
        <set token="table_1">all tables</set>
        <set token="table_2">all tables</set>
      </condition>
    </change>
  </input>
</fieldset>
<row>
  <panel>
    <table depends="$table_1$">
      <search>
        <query>| makeresults | eval i_am_table_1="$table_1$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
    <table depends="$table_2$">
      <search>
        <query>| makeresults | eval i_am_table_2="$table_2$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
  </panel>
</row>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎02-21-2018 08:33 AM

You can have eight tables on your dashboard, each with their own depends attribute, and make them visible depending on values set by the dropdown in <change> events. Something like this:

<fieldset submitButton="false">
  <input type="radio" token="unused">
    <label>field1</label>
    <choice value="a">A</choice>
    <choice value="b">B</choice>
    <choice value="all">All</choice>
    <change>
      <condition value="a">
        <set token="table_1">table 1 only</set>
        <unset token="table_2"></unset>
      </condition>
      <condition value="b">
        <unset token="table_1"></unset>
        <set token="table_2">table 2 only</set>
      </condition>
      <condition value="all">
        <set token="table_1">all tables</set>
        <set token="table_2">all tables</set>
      </condition>
    </change>
  </input>
</fieldset>
<row>
  <panel>
    <table depends="$table_1$">
      <search>
        <query>| makeresults | eval i_am_table_1="$table_1$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
    <table depends="$table_2$">
      <search>
        <query>| makeresults | eval i_am_table_2="$table_2$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
  </panel>
</row>
0 Karma
Reply
Solved! Jump to solution

ny34940
Path Finder
‎02-27-2018 11:46 AM

Thanks for the answer!

0 Karma
Reply
Solved! Jump to solution

bangalorep
Communicator
‎02-21-2018 02:38 AM

Hello!
Have you tried the Trellis option for the visualisation?

0 Karma
Reply
Solved! Jump to solution

ny34940
Path Finder
‎02-21-2018 02:50 AM

I am using Splunk 6.5 and trellis is not supported in this version.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...