Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search by user request parameter in Splunk Dashboard

gauravepi
Path Finder
‎08-29-2018 08:47 AM

I have a event created which is returning Jason data after search :

eventtype="my_new"

Data returned after this search :

data: {"Id":2001373223232214,"SerialNumber":6773737,"Unique":"200000","messageType":"READY","activeStartTime":"2018-08-29T09:30:00.000-0500","activeEndTime":"2018-08-30T11:00:00.000-0500","additional":["fitness","pool","public"],}

Now i want to give a feature on dashboard to the user if to search whole message by passing Unique number in a search box. I have no clue how we can do this in Splunk . Please help me in this

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎08-29-2018 09:37 AM

@gauravepi ,
Are you looking for something similar ?

<form>
  <fieldset submitButton="false" autoRun="false">
    <input type="text" token="tok_unique">
      <label>Unique</label>
      <default>*</default>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!--Dummy Data Creation-->
          <query>|makeresults|eval json="{\"data\": 
            {
             \"Id\":2001373223232214,
             \"SerialNumber\":6773737,
             \"Unique\":\"200000\",
             \"messageType\":\"READY\",
             \"activeStartTime\":\"2018-08-29T09:30:00.000-0500\",
             \"activeEndTime\":\"2018-08-30T11:00:00.000-0500\",
             \"additional\":[\"fitness\",\"pool\",\"public\"]
             }
             }"|append [|makeresults|eval json="{\"data\": 
            {
             \"Id\":2001373223232314,
             \"SerialNumber\":6773737,
             \"Unique\":\"300000\",
             \"messageType\":\"READY\",
             \"activeStartTime\":\"2018-08-29T09:30:00.000-0500\",
             \"activeEndTime\":\"2018-08-30T11:00:00.000-0500\",
             \"additional\":[\"fitness\",\"pool\",\"public\"]
             }
             }"]
            |spath input=json output=unique path=data.Unique|search unique="$tok_unique$" |fields json</query>
          <earliest>-1m</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>
---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply

gauravepi
Path Finder
‎08-29-2018 10:07 AM

Yes i was looking for this . How we can do this from UI panel. Do you have information regarding that.

0 Karma
Reply

renjith_nair
Legend
‎08-31-2018 08:44 AM

I did the above using UI panel or what exactly you mean?

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...