Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need to fetch the results dynamically from the dropdown using eval condition

sbollam
Explorer
‎10-15-2023 10:16 PM

Hello All,

I have a requirement on the dropdowns, I have a following lookup file which contains application, environment and index details, I need to get the environment details related to each application when i choose app details from the dropdown, similarly with the index dropdown, it must only give the index details based on the values that i choose in the application and environment dropdowns. I could get the desired results while using the lookup file.

But how can this be achieved using eval condition in the splunk dashboard rather than using the lookup file. I have the values of the fields in the splunk results.

applicationenvironmentindex
app_aDEVaws-app_a_npd
app_aPPRaws-app_a_ppr
app_aTESTaws-app_a_test
app_aSUPaws-app_a_sup
app_aPRODaws-app_a_prod
app_bNPDaws-app_b_npd
app_bSUPaws-app_b_sup
app_bPRODaws-app_b_prod
app_cNPDaws-app_c_npd
app_cSUPaws-app_c_sup
app_cPRODaws-app_c_prod
Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-15-2023 11:14 PM

Hi @sbollam ,

you have to create three cascade dropdown list, concatenated uing the tokens of the previous ones, something like this:

  <fieldset submitButton="false">
    <input type="dropdown" token="application">
      <label>Application</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>Application</fieldForLabel>
      <fieldForValue>Application</fieldForValue>
      <search>
        <query>
           | inputlookup my_lookup.csv
           | dedup Application
           | sort Application
           | table Application
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="environment">
      <label>Environment</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>Environment</fieldForLabel>
      <fieldForValue>Environment</fieldForValue>
      <search>
        <query>
           | inputlookup my_lookup.csv WHERE Application=$application$
           | dedup Environment
           | sort Environment
           | table Environment
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="index">
      <label>index</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>index</fieldForLabel>
      <fieldForValue>index</fieldForValue>
      <search>
        <query>
           | inputlookup my_lookup.csv WHERE Application=$application$ AND index=$index$
           | dedup index
           | sort index
           | table index
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...