Dashboards & Visualizations

dropdown for the field

splunkpoornima
Communicator

Hi all,

i have an log4j logs in that i have extracted the User names ...so now my field User has 79 user names what i need is i want a dropdown in that i want this 79 name to be in that list so that if i click any one of the name i want to see the log related to that Username

plz give an idea to proceed

thanks in advance,
poornima

Tags (1)
0 Karma

smolcj
Builder

Cool... enjoy splunking 🙂

0 Karma

splunkpoornima
Communicator

thanks guys..
its working!!!!

0 Karma

sruthy
Explorer

searchtemplate>source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$|fields - _time </searchtemplate>

or
searchtemplate>source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$|fields host index ..... </searchtemplate>

0 Karma

splunkpoornima
Communicator


<![CDATA[source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log"
| rex FIELD=_raw "User: (?.*)"
| stats count by User]]>





Transaction
source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$



after run this code.i got the table as above with time field ..but i want to remove that

0 Karma

smolcj
Builder

your search | fields - _time

0 Karma

splunkpoornima
Communicator

please verify the attachment contains the ouput..

in that table i want to remove the _time coloumn alone

alt text

plz suggest the way

0 Karma

Drainy
Champion

A quick Google for, "Splunk forms drop down" revealed;

http://docs.splunk.com/Documentation/Splunk/4.3/Developer/AddDropDowns

Let us know if you hit any specific problem or issue

splunkpoornima
Communicator

hi ayn i found the answer for that..

i used choice value ...

thanks

0 Karma

Ayn
Legend

Well, as you can see in the DOCS *hint*...

<default>    The default option to select.

If the default option cannot be found, the first option is selected.
0 Karma

splunkpoornima
Communicator

Hi ayn,

I got the answer..but one small problem..

i have inserted the * but this * is not geting listed down in the dropdown

0 Karma

Ayn
Legend

stats values(User) returns just one event. That won't work. Study the link Drainy gave you. It clearly shows how all examples have one line per item in the dropdown.

0 Karma

splunkpoornima
Communicator

I verifed the given link and i craeted the code as below







|savedsearch"UserExtraction"





"UserExtraction" has source="AMGDCPROSAPPP1.log"| rex FIELD=_raw "User: (?.*)"|stats values(User)

correct me if i went wrong in the above code

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...