Hello Splunk Community,
I am probably a 3 out of 10 when it comes to Splunk knowledge. I have connected my database with the DB connect app. I would like to create an app with a form that searches this SQL query:
SELECT to_jid, sent_date, subject, thread_id, msg_type, direction, body_len, message_len,
body_string, message_string, body_text, message_text, history_flag
FROM jm
WHERE from_jid like 'bob@cisco.com%';
I would like the user to be able to update the where clause with just an input box because the users do not know SQL so I want to hide that from them.
So basically they open the app > enter a name in the textbox > splunk searches the database and returns the results to the user.
Would anyone have a quick example of doing this?
I appreciate your help!
After creating a dashboard, go into the edit mode and add a text input. It will default to field1. You can reference it as token/variable in another search in your dashboard. i.e. index=my_index $field1$.
After creating a dashboard, go into the edit mode and add a text input. It will default to field1. You can reference it as token/variable in another search in your dashboard. i.e. index=my_index $field1$.