Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to run a query multiple times depending on the token passed by radio inputs?

ny34940
Path Finder
‎02-21-2018 02:14 AM

Hi

In my dashboard I have 8 Radio Inputs and depending on the selected input one table is created. Now I want to add a ALL input option and the resulting dashboard should have 8 tables. I don't know if this is possible or not as all the radio inputs are using the same query.

The sample query is as follows. Here the token is named as "type". What I want to do is on selecting All option this code snippet runs 8 times, each time having one of the 8 values in the radio input. 

<row>
    <panel>
      <title>Table</title>
      <table><search base="base">
          <query>|eval cat="Original$pan$"
            |stats count(eval($type$ = "car")) as Car count(eval($type$="bike")) as Bike count(eval($type$="train")) as Train by cat month
            |eval Tot= Car + Bike + Train
            |eval Car%= if(Tot>0,round((Car/Tot)*100,0),"0")."%(".Car.")"
            |eval Bike%= if(Tot>0,round((Bike/Tot)*100,0),"0")."%(".Bike.")"
            |eval Train%= if(Tot>0,round((Train/Tot)*100,0),"0")."%(".Train.")"
            |chart values(Car%) values( Bike%)  values( Train%) by cat month
            </query>
        </search>
      </table>
    </panel>
  </row>

Thanks in advance!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎02-21-2018 08:33 AM

You can have eight tables on your dashboard, each with their own depends attribute, and make them visible depending on values set by the dropdown in <change> events. Something like this:

<fieldset submitButton="false">
  <input type="radio" token="unused">
    <label>field1</label>
    <choice value="a">A</choice>
    <choice value="b">B</choice>
    <choice value="all">All</choice>
    <change>
      <condition value="a">
        <set token="table_1">table 1 only</set>
        <unset token="table_2"></unset>
      </condition>
      <condition value="b">
        <unset token="table_1"></unset>
        <set token="table_2">table 2 only</set>
      </condition>
      <condition value="all">
        <set token="table_1">all tables</set>
        <set token="table_2">all tables</set>
      </condition>
    </change>
  </input>
</fieldset>
<row>
  <panel>
    <table depends="$table_1$">
      <search>
        <query>| makeresults | eval i_am_table_1="$table_1$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
    <table depends="$table_2$">
      <search>
        <query>| makeresults | eval i_am_table_2="$table_2$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
  </panel>
</row>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎02-21-2018 08:33 AM

You can have eight tables on your dashboard, each with their own depends attribute, and make them visible depending on values set by the dropdown in <change> events. Something like this:

<fieldset submitButton="false">
  <input type="radio" token="unused">
    <label>field1</label>
    <choice value="a">A</choice>
    <choice value="b">B</choice>
    <choice value="all">All</choice>
    <change>
      <condition value="a">
        <set token="table_1">table 1 only</set>
        <unset token="table_2"></unset>
      </condition>
      <condition value="b">
        <unset token="table_1"></unset>
        <set token="table_2">table 2 only</set>
      </condition>
      <condition value="all">
        <set token="table_1">all tables</set>
        <set token="table_2">all tables</set>
      </condition>
    </change>
  </input>
</fieldset>
<row>
  <panel>
    <table depends="$table_1$">
      <search>
        <query>| makeresults | eval i_am_table_1="$table_1$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
    <table depends="$table_2$">
      <search>
        <query>| makeresults | eval i_am_table_2="$table_2$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
  </panel>
</row>
0 Karma
Reply
Solved! Jump to solution

ny34940
Path Finder
‎02-27-2018 11:46 AM

Thanks for the answer!

0 Karma
Reply
Solved! Jump to solution

bangalorep
Communicator
‎02-21-2018 02:38 AM

Hello!
Have you tried the Trellis option for the visualisation?

0 Karma
Reply
Solved! Jump to solution

ny34940
Path Finder
‎02-21-2018 02:50 AM

I am using Splunk 6.5 and trellis is not supported in this version.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...