How to add three different dropdowns in a dashboard? The dashboard values are independent, meaning that if I select one value in dropdown1, the values in dropdown2 or 3 will not change; similarly, if I select any value from dropdown2, the values of dropdown1 and 3 will not change. Among them, one should be a time range picker.
E.g. I want the data of all vehicles (maruti, auto, bus, train, metro, ALL - values of DROPDOWN 1) traffic for the last 7 days (default Splunk time range picker - DROPDOWN 3) in a particular time span (5 minutes, 30 minutes, 1 hour etc. - values of DROPDOWN 2).
This means I need a search report for particular services for a particular time period on a specific span, e.g. in the last 7 days, in a span of 30 minutes, how much traffic came for one mobile network.
Please help me out.
@sayanidasgupta, please try the following run-anywhere example based on the information provided in the question. It uses a Submit button to push the values of the dropdown selections as tokens to the panel with the search.
<form>
  <label>Independent Dropdown for Search</label>
  <fieldset submitButton="true">
    <input type="dropdown" token="tokVehicle" searchWhenChanged="false">
      <label>Select Vehicle</label>
      <choice value="*">All</choice>
      <fieldForLabel>Vehicle</fieldForLabel>
      <fieldForValue>Vehicle</fieldForValue>
      <search>
        <query>| makeresults
| eval Vehicle="maruti,auto,bus,train,metro"
| makemv Vehicle delim=","
| mvexpand Vehicle
| dedup Vehicle
| sort Vehicle
| table Vehicle</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <default>*</default>
    </input>
    <input type="time" token="tokTime" searchWhenChanged="false">
      <label>Select Time</label>
      <default>
        <earliest>-7d@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="tokSpan" searchWhenChanged="false">
      <label>Select Span</label>
      <choice value="5min">5 Min</choice>
      <choice value="30m">30 Min</choice>
      <choice value="1h">Hourly</choice>
      <choice value="1d">Daily</choice>
      <default>1d</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <title>Search Filter</title>
        <search>
          <query>| gentimes start=-11 span=1d
| eval _time=starttime
| table _time
| appendcols
    [| makeresults
    | fields - _time
    | eval Vehicle="maruti,auto,bus,train,metro,maruti,auto,bus,bus,metro,train"
    | makemv Vehicle delim=","
    | mvexpand Vehicle]
| appendcols
    [| makeresults
    | fields - _time
    | eval count="3,4,10,30,20,2,4,10,12,21,15"
    | makemv count delim=","
    | mvexpand count]
| search Vehicle="$tokVehicle$"
| timechart span="$tokSpan$" sum(count) as Total by Vehicle</query>
          <earliest>$tokTime.earliest$</earliest>
          <latest>$tokTime.latest$</latest>
        </search>
        <option name="charting.chart">column</option>
        <option name="charting.chart.nullValueMode">zero</option>
        <option name="charting.drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </chart>
    </panel>
  </row>
</form>
Kindly change as per your needs and use your queries instead of the run-anywhere searches used in the example. Try it out and confirm!