I think the closest you can get to emulating the vanilla Splunk search bar on a dashboard is to use a time selector input, textbox input, and submit button input. With these three inputs the user can select search time window and with the textbox insert some sort of filter criteria, whether that be a specific field value or any other sort of SPL that can be passed into a search elsewhere on the dashboard.
Default size of textbox input is pretty small so probably wouldn't work so well for full search SPL but should work out nicely for searching specific field values (e.i. fieldname=$textbox_input|s$)
Here is an example in its simplest form.
Example of SPL on a panel utilizing the textbox input from the dashboard
index=<index> sourcetype=<sourcetype> uid=$textbox_input|s$
| stats
count as count,
earliest(_time) as earliest_epoch,
latest(_time) as latest_epoch,
values(host) as host
by uid
I think the closest you can get to emulating the vanilla Splunk search bar on a dashboard is to use a time selector input, textbox input, and submit button input. With these three inputs the user can select search time window and with the textbox insert some sort of filter criteria, whether that be a specific field value or any other sort of SPL that can be passed into a search elsewhere on the dashboard.
Default size of textbox input is pretty small so probably wouldn't work so well for full search SPL but should work out nicely for searching specific field values (e.i. fieldname=$textbox_input|s$)
Here is an example in its simplest form.
Example of SPL on a panel utilizing the textbox input from the dashboard
index=<index> sourcetype=<sourcetype> uid=$textbox_input|s$
| stats
count as count,
earliest(_time) as earliest_epoch,
latest(_time) as latest_epoch,
values(host) as host
by uid
Thank you for your reply.
I have a dashboard. I would like to add a search bar, where a user can enter a talend's job name and launch a search with a button.
Example:
I would like to put it in a <fieldset> tag.
