Dashboards & Visualizations

dropdown for the field

splunkpoornima
Communicator

Hi all,

i have an log4j logs in that i have extracted the User names ...so now my field User has 79 user names what i need is i want a dropdown in that i want this 79 name to be in that list so that if i click any one of the name i want to see the log related to that Username

plz give an idea to proceed

thanks in advance,
poornima

Tags (1)
0 Karma

smolcj
Builder

Cool... enjoy splunking 🙂

0 Karma

splunkpoornima
Communicator

thanks guys..
its working!!!!

0 Karma

sruthy
Explorer

searchtemplate>source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$|fields - _time </searchtemplate>

or
searchtemplate>source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$|fields host index ..... </searchtemplate>

0 Karma

splunkpoornima
Communicator


<![CDATA[source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log"
| rex FIELD=_raw "User: (?.*)"
| stats count by User]]>





Transaction
source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$



after run this code.i got the table as above with time field ..but i want to remove that

0 Karma

smolcj
Builder

your search | fields - _time

0 Karma

splunkpoornima
Communicator

please verify the attachment contains the ouput..

in that table i want to remove the _time coloumn alone

alt text

plz suggest the way

0 Karma

Drainy
Champion

A quick Google for, "Splunk forms drop down" revealed;

http://docs.splunk.com/Documentation/Splunk/4.3/Developer/AddDropDowns

Let us know if you hit any specific problem or issue

splunkpoornima
Communicator

hi ayn i found the answer for that..

i used choice value ...

thanks

0 Karma

Ayn
Legend

Well, as you can see in the DOCS *hint*...

<default>    The default option to select.

If the default option cannot be found, the first option is selected.
0 Karma

splunkpoornima
Communicator

Hi ayn,

I got the answer..but one small problem..

i have inserted the * but this * is not geting listed down in the dropdown

0 Karma

Ayn
Legend

stats values(User) returns just one event. That won't work. Study the link Drainy gave you. It clearly shows how all examples have one line per item in the dropdown.

0 Karma

splunkpoornima
Communicator

I verifed the given link and i craeted the code as below







|savedsearch"UserExtraction"





"UserExtraction" has source="AMGDCPROSAPPP1.log"| rex FIELD=_raw "User: (?.*)"|stats values(User)

correct me if i went wrong in the above code

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...