Show list of Eventtypes in Dashboard Drop Down

Asolano4224
New Member

I have multiple event types that are tagged with either Defect or Error.

What I would like to do is show all the eventtypes in a drop down on a dashboard so I will be able to search by eventtype.

0 Karma

woodcock
Esteemed Legend

Here is a much better (faster and always complete) way to get your eventtype names:

| rest /servicesNS/-/-/configs/conf-eventtypes
| search eai:acl.app="*" 
| dedup id 
| table eai:acl.owner eai:acl.sharing disabled title search priority 
| rename eai:acl.* AS *
| table title
| sort 0 title

If you need only those in context of app foo, then change to this part:

| rest /servicesNS/-/foo/configs/conf-eventtypes

If you need only those owned by app foo, then change to this part:

| rest /servicesNS/-/foo/configs/conf-eventtypes
| search eai:acl.app="foo"
0 Karma

DalJeanis
Legend

1) Code a search that gives you the list you want.

For example:

index=foo (your search terms that get all events for the time range) | dedup eventtype | table eventtype | sort 0 eventtype

2) Put that search as the source query for the dropdown and set <fieldForLabel> and <fieldForValue> to eventtype.

There is an example input similar to this (but slightly more complicated in the query itself) called TokFilter1 here...
https://answers.splunk.com/answers/590143/how-to-dynamically-populate-field-names-in-dropdow.html

Look for the section that starts <input type="dropdown" token="tokFilter1" searchWhenChanged="true"> and ends </input>.

0 Karma