Re: Search by user request parameter in Splunk Das...

gauravepi · ‎08-29-2018

I have a event created which is returning Jason data after search :

eventtype="my_new"

Data returned after this search :

data: {"Id":2001373223232214,"SerialNumber":6773737,"Unique":"200000","messageType":"READY","activeStartTime":"2018-08-29T09:30:00.000-0500","activeEndTime":"2018-08-30T11:00:00.000-0500","additional":["fitness","pool","public"],}

Now i want to give a feature on dashboard to the user if to search whole message by passing Unique number in a search box. I have no clue how we can do this in Splunk . Please help me in this

renjith_nair · ‎08-29-2018

@gauravepi ,
Are you looking for something similar ?

<form>
  <fieldset submitButton="false" autoRun="false">
    <input type="text" token="tok_unique">
      <label>Unique</label>
      <default>*</default>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!--Dummy Data Creation-->
          <query>|makeresults|eval json="{\"data\": 
            {
             \"Id\":2001373223232214,
             \"SerialNumber\":6773737,
             \"Unique\":\"200000\",
             \"messageType\":\"READY\",
             \"activeStartTime\":\"2018-08-29T09:30:00.000-0500\",
             \"activeEndTime\":\"2018-08-30T11:00:00.000-0500\",
             \"additional\":[\"fitness\",\"pool\",\"public\"]
             }
             }"|append [|makeresults|eval json="{\"data\": 
            {
             \"Id\":2001373223232314,
             \"SerialNumber\":6773737,
             \"Unique\":\"300000\",
             \"messageType\":\"READY\",
             \"activeStartTime\":\"2018-08-29T09:30:00.000-0500\",
             \"activeEndTime\":\"2018-08-30T11:00:00.000-0500\",
             \"additional\":[\"fitness\",\"pool\",\"public\"]
             }
             }"]
            |spath input=json output=unique path=data.Unique|search unique="$tok_unique$" |fields json</query>
          <earliest>-1m</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

---
What goes around comes around. If it helps, hit it with Karma 🙂

gauravepi · ‎08-29-2018

Yes i was looking for this . How we can do this from UI panel. Do you have information regarding that.

renjith_nair · ‎08-31-2018

I did the above using UI panel or what exactly you mean?

---
What goes around comes around. If it helps, hit it with Karma 🙂

Search by user request parameter in Splunk Dashboard

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

Search by user request parameter in Splunk Dashboard

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases