Dashboards & Visualizations

Search Bar

michaelteck
Explorer

Hello everyone and Happy New Year 🙂

 

I'm newbie with splunk. And I try to make a full dynamique dashboard with the app Search & Reporting. 

I work on Talend's logs. I'm looking for to create a search bar for searching job directly but do not use the drop-down menus. 
Is there solution to make a search bar on top of the dashboard with "search" button ? 

Thanks for reading me. 

Labels (1)
0 Karma
1 Solution

dtburrows3
Builder

I think the closest you can get to emulating the vanilla Splunk search bar on a dashboard is to use a time selector input, textbox input, and submit button input. With these three inputs the user can select search time window and with the textbox insert some sort of filter criteria, whether that be a specific field value or any other sort of SPL that can be passed into a search elsewhere on the dashboard. 

Default size of textbox input is pretty small so probably wouldn't work so well for full search SPL but should work out nicely for searching specific field values (e.i. fieldname=$textbox_input|s$)

Here is an example in its simplest form.

dtburrows3_0-1704811894247.png


Example of SPL on a panel utilizing the textbox input from the dashboard

index=<index> sourcetype=<sourcetype> uid=$textbox_input|s$
    | stats
        count as count,
        earliest(_time) as earliest_epoch,
        latest(_time) as latest_epoch,
        values(host) as host
            by uid

 

View solution in original post

0 Karma

dtburrows3
Builder

I think the closest you can get to emulating the vanilla Splunk search bar on a dashboard is to use a time selector input, textbox input, and submit button input. With these three inputs the user can select search time window and with the textbox insert some sort of filter criteria, whether that be a specific field value or any other sort of SPL that can be passed into a search elsewhere on the dashboard. 

Default size of textbox input is pretty small so probably wouldn't work so well for full search SPL but should work out nicely for searching specific field values (e.i. fieldname=$textbox_input|s$)

Here is an example in its simplest form.

dtburrows3_0-1704811894247.png


Example of SPL on a panel utilizing the textbox input from the dashboard

index=<index> sourcetype=<sourcetype> uid=$textbox_input|s$
    | stats
        count as count,
        earliest(_time) as earliest_epoch,
        latest(_time) as latest_epoch,
        values(host) as host
            by uid

 

0 Karma

michaelteck
Explorer

It works, even if I have to manage the time range.

Thanks a lot! 🙂

0 Karma

michaelteck
Explorer

Thank you for your reply.

I have a dashboard. I would like to add a search bar, where a user can enter a talend's job name and launch a search with a button.
Example:

michaelteck_0-1704811584362.png

I would like to put it in a <fieldset> tag.

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @michaelteck ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @michaelteck ,

As I said, you can add a text input to your inputs and use it to give a parameter to your search.

The sample from @dtburrows3 could solve your requirement.

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @michaelteck,

let me understand: you have a dashboard with some panels, in addition you want to add another panel in which user can run a search, using SPL and visualizing results in the same panel, is it correct?

if this is your requirement, you can create a panel with a free text input (inside the same panel.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...