Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Question on using lookup file to display results in dashboard panels

Deepz2612
Explorer
‎07-03-2019 11:56 PM

Hi,

I want a dashboard in which I have the Splunk queries in a lookup file like the below.

Application Name SubName First_Search            Second_Search
XXX         Y    XY      index=<<search>>        index=<<search>>

According to the Application,Name and SubName Inputed,my dashboard panels(1 and 2) has to pickup the query from input file and execute it.

I'm able to write the below and bring them up in one panel,but I'm stuck how to use the token and how to pass them to pick the Second_Search query from lookup file and display the results in second panle.Kindly help me.

<row>
    <panel depends="$show_panel_unique_users$">
      <title>Total Vs Actual Users affected</title>
      <input type="dropdown" token="tokSearchQuery" searchWhenChanged="true">
        <label>Select the Api_Call</label>
        <fieldForLabel>SubName</fieldForLabel>
        <fieldForValue>Search</fieldForValue>
        <search>
          <query>| inputlookup trial.csv | where Name="$tokapi$" AND SubName="$api_call$" |table SubName Search</query>
        </search>
      </input>
      <input type="dropdown" token="tokSearchresponsecode" searchWhenChanged="true">
        <label>Select the Response_code</label>
        <fieldForLabel>response_code</fieldForLabel>
        <fieldForValue>response_code</fieldForValue>
        <search>
          <query>ABC</query>
        </search>
      </input>
      <table>
        <title>Note : Click on the "Unique_Users_Count" to see all the Users affected</title>
        <search>
          <query>inbdex=* </query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="count">50</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
        <format type="color" field="response_code">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <drilldown>
          <condition field="Unique_Users_count">
            <set token="selected_Unique_Users_count">$click.value2$</set>
            <set token="show_panel_actual_users">true</set>
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎10-25-2019 01:29 PM

Like this:

| inputlookup trial.csv
| where Name="$tokapi$" AND SubName="$api_call$"
| map search="search $Search$ | eval SubName=$SubName$"
0 Karma
Reply

woodcock
Esteemed Legend
‎10-25-2019 01:28 PM

Why did you post this question twice (https://answers.splunk.com/answers/757676/question-on-lookup-and-token-usage.html)? I gave you a good answer over there. Did you even try it?

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...