Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to create a dashboard with chart where a value is configurable by the user

oriches
Explorer
‎07-08-2013 06:17 AM

I want to create a dashboard where I can change the 'SessionId' in the following query, ideally I want to be able to select one from a dropdown list and the chart would refresh.

host="jedi-sit2" SessionId=7e88e1f8-f06c-4950-bedc-97b2ad51d0e6 | timechart mode(ui_process_memory)

Is this possible?

Reply
1 Solution
Solved! Jump to solution
Solution

nfilippi_splunk
Splunk Employee
Splunk Employee
‎07-08-2013 08:23 AM

You can achieve this through simple xml forms. Here's an example of what it might look like, where there is a dropdown of available session ids that is populated by a Splunk search.

For more information/examples on forms, here's a link to the docs:
http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampleform

<form>
  <label>session_id_search</label>
  <fieldset>
      <input type="dropdown" token="session_id">
          <label>Session ID:</label>
          <populatingSearch fieldForValue="SessionID" fieldForLabel="SessionID" earliest="-7d@d" latest="now">host="jedi-sit2"
| dedup SessionID</populatingSearch>
      </input>
  </fieldset>
  <row>
    <chart>
      <searchString>host="jedi-sit2" SessionId="$session_id$" | timechart mode(ui_process_memory)</searchString>
      <title>Memory Usage</title>
      <option name="charting.chart">line</option>
      <earliestTime>-7d@d</earliestTime>
      <latestTime>now</latestTime>
    </chart>
  </row>
</form>

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎07-09-2013 01:24 AM

Note that the latest Sideview Utils is 2.5 and while it's also available under a free license, you have to get it from the Sideview site at http://sideviewapps.com/apps/sideview-utils/ The LGPL version linked to is a much older version (1.3.5). There have been an enormous number of improvements, new features and bugfixes since 1.3.5 so make sure you're on the latest.

0 Karma
Reply
Solved! Jump to solution
Solution

nfilippi_splunk
Splunk Employee
Splunk Employee
‎07-08-2013 08:23 AM

You can achieve this through simple xml forms. Here's an example of what it might look like, where there is a dropdown of available session ids that is populated by a Splunk search.

For more information/examples on forms, here's a link to the docs:
http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampleform

<form>
  <label>session_id_search</label>
  <fieldset>
      <input type="dropdown" token="session_id">
          <label>Session ID:</label>
          <populatingSearch fieldForValue="SessionID" fieldForLabel="SessionID" earliest="-7d@d" latest="now">host="jedi-sit2"
| dedup SessionID</populatingSearch>
      </input>
  </fieldset>
  <row>
    <chart>
      <searchString>host="jedi-sit2" SessionId="$session_id$" | timechart mode(ui_process_memory)</searchString>
      <title>Memory Usage</title>
      <option name="charting.chart">line</option>
      <earliestTime>-7d@d</earliestTime>
      <latestTime>now</latestTime>
    </chart>
  </row>
</form>
0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎07-08-2013 07:05 AM

http://splunk-base.splunk.com/apps/36405/sideview-utils-lgpl.

Please see the usage terms and conditions. But for reference it's the best

0 Karma
Reply
Solved! Jump to solution

oriches
Explorer
‎07-08-2013 06:50 AM

Where can I find out more about 'Sideview Utils'?

We have a licensed version of splunk

0 Karma
Reply
Solved! Jump to solution

aholzer
Motivator
‎07-08-2013 06:45 AM

As @linu1988 said, Sideview Utils is a really powerful tool that you can use to make sophisticated dashboards and I highly recommend it.

If you are looking for something quicker, you may want to look into the Splunk views called "forms" that come included in the base splunk. They allow you to define dashboards with user inputs.

Sideview Utils has tools that allow you to do the same thing, and in the long term is a better/more robust solution, but if you are just looking for a quick answer, the keyword you are looking for is "form". "Splunk form".

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎07-08-2013 06:31 AM

Please refer to Splunk UI examples APP / Sideview Utils APP.
You can create dashboards with pulldown /dropdown modules to fill your session ids. Then pass the variable to the search in the dashboard panel. Thanks.

http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampledashboard

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...