Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Populate dropdown from searchTemplate

Simon
Contributor
‎02-19-2014 03:44 AM

Hi all,

in Splunk 6 SimpleXML dashboards, there is support for a global search template (<searchTemplate />) and postprocessing (<searchPostProcess />) in panels later.
Is it somehow possible to postprocess the searchtemplate to populate a dropdown input?

Thanks,
Simon

Reply

gfreitas
Builder
‎02-19-2014 04:57 AM

Hi Simon,

I have some dashboards that populate a dropdown, it's like this:

<fieldset>
<input type="dropdown" token="dropdownlabel">
<label>Select:</label>
<populatingSearch fieldForValue="dropdownlabel" fieldForLabel="dropdownlabel">
<![CDATA[sourcetype="src" earliest=-7d | stats count by dropdownlabel]]>
</populatingSearch>
</input>
<input type="time">
<default>Last 7 days</default>
</input>
</fieldset>

You just needs to wait some seconds until the search return the list of dropdown and then select the content.
Hope this helps!

Reply

cramasta
Builder
‎05-05-2014 11:54 AM

Anyone from Splunk able to comment on this? I would also like to postprocess the search template to populate my values in the dropdown menu.

0 Karma
Reply

helenashton
Path Finder
‎01-08-2015 02:44 PM

did you ever find an answer to this?

0 Karma
Reply

somesoni2
Revered Legend
‎02-19-2014 08:13 AM

I believe works only for row elements.

0 Karma
Reply

Simon
Contributor
‎02-19-2014 05:03 AM

And later of course

Hello,
Thanks I was aware of this option!
I rather was searching for a solution to only have one running search,e.g.

<row>
    <chart>
      <searchPostProcess>search sourcetype="$sourcetype$"|  timechart count by sourcetype
      ...
    </chart>
</row>
0 Karma
Reply

Simon
Contributor
‎02-19-2014 05:03 AM

Hello,
Thanks I was aware of this option!
I rather was searching for a solution to only have one running search,e.g.

<form>
  <searchTemplate>index=_internal</searchTemplate>
  <fieldset>
    <input type="dropdown" token="sourcetype=" fieldForValue="sourcetype" fieldForLabel="label">
     <searchPostProcess>stats count by sourcetype | eval label=sourcetype." (".count.")"</searchPostProcess>
     <choice value="*">All</choice>
     <default>*</choice>
    </input>
  </fieldset>
</form>
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...