Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Show list of Eventtypes in Dashboard Drop Down

Asolano4224
New Member
‎06-22-2018 09:52 AM

I have multiple event types that are tagged with either Defect or Error.

What I would like to do is show all the eventtypes in a drop down on a dashboard so i will be able to search by eventtype.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎06-30-2018 01:24 PM

Here is a much better (faster and always complete) way to get your eventtype names:

| rest/servicesNS/-/-/configs/conf-eventtypes 
| search eai:acl.app="*" 
| dedup id 
| table eai:acl.owner eai:acl.sharing disabled title search priority 
| rename eai:acl.* AS *
| table title
| sort 0 title

If you need only those in context of app foo, then change to this part:

| rest/servicesNS/-/foo/configs/conf-eventtypes

If you need only those owned by app foo, then change to this part:

| rest/servicesNS/-/foo/configs/conf-eventtypes
| search eai:acl.app="foo"
0 Karma
Reply

DalJeanis
Legend
‎06-22-2018 12:42 PM

1) code a search that gives you the list you want.

for example 

index=foo  (your search terms that gets all events for the time range) | dedup eventtype | table eventtype | sort 0 eventype

2) put that search as the source query for the dropdown and set <fieldForLabel> and <fieldForValue> to eventtype.

There is an example input similar to this (but slightly more complicated in the query itself) called TokFilter1 here...
https://answers.splunk.com/answers/590143/how-to-dynamically-populate-field-names-in-dropdow.html

Look for the section that starts <input type="dropdown" token="tokFilter1" searchWhenChanged="true"> and ends </input>.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...