Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Populate dropdown from searchTemplate

Simon
Contributor
‎02-19-2014 03:44 AM

Hi all,

in Splunk 6 SimpleXML dashboards, there is support for a global search template (<searchTemplate />) and postprocessing (<searchPostProcess />) in panels later.
Is it somehow possible to postprocess the searchtemplate to populate a dropdown input?

Thanks,
Simon

Reply

gfreitas
Builder
‎02-19-2014 04:57 AM

Hi Simon,

I have some dashboards that populate a dropdown, it's like this:

<fieldset>
<input type="dropdown" token="dropdownlabel">
<label>Select:</label>
<populatingSearch fieldForValue="dropdownlabel" fieldForLabel="dropdownlabel">
<![CDATA[sourcetype="src" earliest=-7d | stats count by dropdownlabel]]>
</populatingSearch>
</input>
<input type="time">
<default>Last 7 days</default>
</input>
</fieldset>

You just needs to wait some seconds until the search return the list of dropdown and then select the content.
Hope this helps!

Reply

cramasta
Builder
‎05-05-2014 11:54 AM

Anyone from Splunk able to comment on this? I would also like to postprocess the search template to populate my values in the dropdown menu.

0 Karma
Reply

helenashton
Path Finder
‎01-08-2015 02:44 PM

did you ever find an answer to this?

0 Karma
Reply

somesoni2
Revered Legend
‎02-19-2014 08:13 AM

I believe works only for row elements.

0 Karma
Reply

Simon
Contributor
‎02-19-2014 05:03 AM

And later of course

Hello,
Thanks I was aware of this option!
I rather was searching for a solution to only have one running search,e.g.

<row>
    <chart>
      <searchPostProcess>search sourcetype="$sourcetype$"|  timechart count by sourcetype
      ...
    </chart>
</row>
0 Karma
Reply

Simon
Contributor
‎02-19-2014 05:03 AM

Hello,
Thanks I was aware of this option!
I rather was searching for a solution to only have one running search,e.g.

<form>
  <searchTemplate>index=_internal</searchTemplate>
  <fieldset>
    <input type="dropdown" token="sourcetype=" fieldForValue="sourcetype" fieldForLabel="label">
     <searchPostProcess>stats count by sourcetype | eval label=sourcetype." (".count.")"</searchPostProcess>
     <choice value="*">All</choice>
     <default>*</choice>
    </input>
  </fieldset>
</form>
0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...