Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need to fetch the results dynamically from the dropdown using eval condition

sbollam
Explorer
‎10-15-2023 10:16 PM

Hello All,

I have a requirement on the dropdowns, I have a following lookup file which contains application, environment and index details, I need to get the environment details related to each application when i choose app details from the dropdown, similarly with the index dropdown, it must only give the index details based on the values that i choose in the application and environment dropdowns. I could get the desired results while using the lookup file.

But how can this be achieved using eval condition in the splunk dashboard rather than using the lookup file. I have the values of the fields in the splunk results.

applicationenvironmentindex
app_aDEVaws-app_a_npd
app_aPPRaws-app_a_ppr
app_aTESTaws-app_a_test
app_aSUPaws-app_a_sup
app_aPRODaws-app_a_prod
app_bNPDaws-app_b_npd
app_bSUPaws-app_b_sup
app_bPRODaws-app_b_prod
app_cNPDaws-app_c_npd
app_cSUPaws-app_c_sup
app_cPRODaws-app_c_prod
Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-15-2023 11:14 PM

Hi @sbollam ,

you have to create three cascade dropdown list, concatenated uing the tokens of the previous ones, something like this:

  <fieldset submitButton="false">
    <input type="dropdown" token="application">
      <label>Application</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>Application</fieldForLabel>
      <fieldForValue>Application</fieldForValue>
      <search>
        <query>
           | inputlookup my_lookup.csv
           | dedup Application
           | sort Application
           | table Application
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="environment">
      <label>Environment</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>Environment</fieldForLabel>
      <fieldForValue>Environment</fieldForValue>
      <search>
        <query>
           | inputlookup my_lookup.csv WHERE Application=$application$
           | dedup Environment
           | sort Environment
           | table Environment
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="index">
      <label>index</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>index</fieldForLabel>
      <fieldForValue>index</fieldForValue>
      <search>
        <query>
           | inputlookup my_lookup.csv WHERE Application=$application$ AND index=$index$
           | dedup index
           | sort index
           | table index
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Fall Into Learning with New Splunk Education Courses

Every month, Splunk Education releases new courses to help you branch out, strengthen your data science roots, ...

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

By Martin Hettervik, Senior Consultant and Team Leader at Accelerate at Iver, Splunk MVPThe stats command is ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

Your bank's payment processing system is humming along during a busy afternoon, handling millions in hourly ...