Dashboards & Visualizations

Using Radio Buttons in a drilldown

twistedsixty4
Path Finder

hey all,
so what im trying to do is use a radial group to change the search in a drilldown by having each radio button specify a different search, but im not sure how to format the parameters to do this. can anyone help?

<module name="RadioButtonSearch">    
<param name="label">Sort by</param>   

???



By Host

(index=windows_security EventCode=4624) OR (index=unix OR
index=unix_secure pam_vas: succeeded)
OR (host="csacs000*" CSCOacs_Passed_Authentications) | top
20 host



By User

(index=windows_security EventCode=4624) OR (index=unix OR
index=unix_secure pam_vas: succeeded)
OR (host="csacs000*" CSCOacs_Passed_Authentications) | top
20 user


1 Solution

sideview
SplunkTrust
SplunkTrust

The RadioButtonSearch module can only create 'addterm' intentions, and that means the values of your radio buttons can each only be single searchterms like "foo" or field values like someField="someValue".

With core Splunk you're probably better off using the "StaticRadio" module, which works a lot like the "StaticSelect" module. The bad news is that you'll have to get used to using the ConvertToIntention module because you'll need it to turn the simple key from StaticRadio into a "stringreplace" intention. (To explain: RadioButtonSearch creates the intention automatically, but again it can only create 'addterm' intentions. StaticRadio doesn't create the intention, only creating a simple key, and this is why you need ConvertToIntention to turn that key value into an "intention". confused?)

Making it harder is the fact that the Dashboard Examples app doesn't contain any working examples for either module. You can find an example of the StaticSelect module though, and between that and between the few "stringreplace" intention examples in there, and the StaticRadio.conf file, it's possible to figure it out.

If you're using Sideview Utils 2.X, you'll have an easier time because you can use the Radio module, and you won't need an intention nor a ConvertToIntention module. Sideview Utils contains its own documentation and working examples for its modules, including for the Radio module. download the app for free ( http://sideviewapps.com/apps/sideview-utils ), and once its installed, use the app navigation to go to "Module Documentation > Form Search Modules > The Radio Module".

View solution in original post

0 Karma

twistedsixty4
Path Finder

So what I ended up doing was using SideviewUtils to do a pulldown and alter the search directly.
here's my code if it will end up helping anyone.

     <module name="Pulldown">
       <param name="staticFieldsToDisplay">
         <list>
         <param name="label">Host</param>
         <param name="value">host</param>
         <param name="selected">true</param>
       </list>
       <list>
         <param name="label">User</param>
         <param name="value">user</param>
       </list>
     </param>
     <param name="name">selectedSort</param>
     <param name="label">Grouping</param>
     <module name="Search">
       <param name="search">(index=windows_security EventCode=4624) OR (index=unix OR index=unix_secure pam_vas: succeeded) OR (host="csacs000*" CSCOacs_Passed_Authentications) | top $selectedSort$ | fields - percent </param>
0 Karma

sideview
SplunkTrust
SplunkTrust

The RadioButtonSearch module can only create 'addterm' intentions, and that means the values of your radio buttons can each only be single searchterms like "foo" or field values like someField="someValue".

With core Splunk you're probably better off using the "StaticRadio" module, which works a lot like the "StaticSelect" module. The bad news is that you'll have to get used to using the ConvertToIntention module because you'll need it to turn the simple key from StaticRadio into a "stringreplace" intention. (To explain: RadioButtonSearch creates the intention automatically, but again it can only create 'addterm' intentions. StaticRadio doesn't create the intention, only creating a simple key, and this is why you need ConvertToIntention to turn that key value into an "intention". confused?)

Making it harder is the fact that the Dashboard Examples app doesn't contain any working examples for either module. You can find an example of the StaticSelect module though, and between that and between the few "stringreplace" intention examples in there, and the StaticRadio.conf file, it's possible to figure it out.

If you're using Sideview Utils 2.X, you'll have an easier time because you can use the Radio module, and you won't need an intention nor a ConvertToIntention module. Sideview Utils contains its own documentation and working examples for its modules, including for the Radio module. download the app for free ( http://sideviewapps.com/apps/sideview-utils ), and once its installed, use the app navigation to go to "Module Documentation > Form Search Modules > The Radio Module".

0 Karma
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...