Dashboards & Visualizations

i am reading from log file and have query to return all the host. can we include teh step to categories test/qa/prod in

Jasmine
Path Finder

i am reading teh host from log file and have query to return all the host. 

 

index=aaa  source="/var/log/test1.log"|stats count by host

 

 can we include teh step to categories test/qa/prod in the drop down list  from the list of host returned in the query itself?(using wildcard if host has t then test /if host has q -qa server, etc?

but for now i am using static options 

test - testhost

qa - qahost

prod - prodhost

Labels (1)
0 Karma

bowesmana
SplunkTrust
SplunkTrust

You can use the populating search of the drop down to add dynamic options and do something like this to categorise the host type

index=aaa  source="/var/log/test1.log"
|stats count by host
| eval category=case(match(host, "t"), "Test", 
                     match(host, "q"), "QA", 
                     match(host, "p"), "Prod",
                     true(), "Unknown")

change the match statement regex as needed and the category you want to show.

category will be the <fieldForLabel> and then you need to make the <fieldForValue> to contain the value element you want for the token.

0 Karma

Jasmine
Path Finder

in QA and PROd i have 3 servers

test - testhost

qa - qahost1,qahost2,qahost3

prod - prodhost1,prodhost2,prodhost3

and my query would be for qa if i choose qa from dropdownlist

 

index=aaa(source="/var/log/tes1.log" (host=qahost1) OR (host=qahost2,) OR (host=qahost3) )

 

can you please help me integrate above one with below query?

index=aaa source="/var/log/test1.log"
|stats count by host
| eval category=case(match(host, "t"), "Test",
match(host, "q"), "QA",
match(host, "p"), "Prod",
true(), "Unknown")
0 Karma

bowesmana
SplunkTrust
SplunkTrust

Here's a simple example

<form version="1.1">
  <label>HostDropdown</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="hosts" searchWhenChanged="true">
      <label>Host Types</label>
      <choice value="prodhost*">Production</choice>
      <choice value="qahost*">QA</choice>
      <choice value="testhost*">Test</choice>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>
index=aaa source="/var/log/test1.log" host=$hosts$
|stats count by host
          </query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

I suggest you look at this and have a look through the documentation that describes this

https://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML

 

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...