Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

dropdown for the field

splunkpoornima
Communicator
‎12-03-2012 02:50 AM

Hi all,

i have an log4j logs in that i have extracted the User names ...so now my field User has 79 user names what i need is i want a dropdown in that i want this 79 name to be in that list so that if i click any one of the name i want to see the log related to that Username

plz give an idea to proceed

thanks in advance,
poornima

Tags (1)
0 Karma
Reply

smolcj
Builder
‎12-03-2012 06:00 AM

Cool... enjoy splunking 🙂

0 Karma
Reply

splunkpoornima
Communicator
‎12-03-2012 05:59 AM

thanks guys..
its working!!!!

0 Karma
Reply

sruthy
Explorer
‎12-03-2012 05:56 AM

searchtemplate>source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$|fields - _time </searchtemplate>

or
searchtemplate>source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$|fields host index ..... </searchtemplate>

0 Karma
Reply

splunkpoornima
Communicator
‎12-03-2012 05:49 AM


<![CDATA[source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log"
| rex FIELD=_raw "User: (?.*)"
| stats count by User]]>





Transaction
source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$



after run this code.i got the table as above with time field ..but i want to remove that

0 Karma
Reply

smolcj
Builder
‎12-03-2012 05:44 AM

your search | fields - _time

0 Karma
Reply

splunkpoornima
Communicator
‎12-03-2012 05:41 AM

please verify the attachment contains the ouput..

in that table i want to remove the _time coloumn alone

alt text

plz suggest the way

0 Karma
Reply

Drainy
Champion
‎12-03-2012 02:55 AM

A quick Google for, "Splunk forms drop down" revealed;

http://docs.splunk.com/Documentation/Splunk/4.3/Developer/AddDropDowns

Let us know if you hit any specific problem or issue

Reply

splunkpoornima
Communicator
‎12-03-2012 05:37 AM

hi ayn i found the answer for that..

i used choice value ...

thanks

0 Karma
Reply

Ayn
Legend
‎12-03-2012 05:14 AM

Well, as you can see in the DOCS *hint*...

<default>    The default option to select.

If the default option cannot be found, the first option is selected.
0 Karma
Reply

splunkpoornima
Communicator
‎12-03-2012 05:05 AM

Hi ayn,

I got the answer..but one small problem..

i have inserted the * but this * is not geting listed down in the dropdown

0 Karma
Reply

Ayn
Legend
‎12-03-2012 04:17 AM

stats values(User) returns just one event. That won't work. Study the link Drainy gave you. It clearly shows how all examples have one line per item in the dropdown.

0 Karma
Reply

splunkpoornima
Communicator
‎12-03-2012 04:01 AM

I verifed the given link and i craeted the code as below







|savedsearch"UserExtraction"





"UserExtraction" has source="AMGDCPROSAPPP1.log"| rex FIELD=_raw "User: (?.*)"|stats values(User)

correct me if i went wrong in the above code
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...