Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- tokens in advanced xml?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tokens in advanced xml?
Azrielb
New Member
05-16-2012
06:23 AM
Hi, I tried this week to look into simple\advanced xml in splunk.
simple xml is "simple" enough to understand but I can't get the hang of the advanced one through the tutorials.
for example a simple form to create a chart with a token and a "time input":
<form>
<label>New form</label>
<searchTemplate>
source="mysource" eventD=$eventD$
| stats sum(concurrentUsers) as concurrentbb by _time | timechart span=10m max(concurrentbb)
</searchTemplate>
<fieldset>
<input type="text" token="eventD">
<label>eventD</label>
<default></default>
<seed>""</seed>
<suffix></suffix>
</input>
<input type="time" />
</fieldset>
<row>
<chart>
<title>ConcurrentUsers</title>
<option name="charting.chart">column</option>
<option name="charting.primaryAxisTitle.text">User</option>
<option name="charting.secondaryAxisTitle.text">ConcurrentUsers</option>
<option name="charting.legend.placement">none</option>
</chart>
</row>
</form>
*** now I want to put this form inside a dashboard.
I managed to build a chart in it but I want to enable my users to insert values into tokens just like in the forms.
<view template="dashboard.html">
<label>My Dashboard</label>
<!-- top nav chrome -->
<module name="AccountBar" layoutPanel="appHeader"/>
<module name="AppBar" layoutPanel="navigationHeader"/>
<!-- Renders the search box -->
<module name="SearchBar" layoutPanel="mainSearchControls">
<!-- Renders the resulting events from your search -->
<module name="EventsViewer"/>
</module><!-- close SearchBar module -->
<module name="HiddenSearch" layoutPanel="panel_row1_col1" group="Messages per minute last hour" autoRun="True">
<param name="search">source="analyticsreport" eventDescription=$eventD$
| stats sum(concurrentUsers) as concurrentbb by _time | timechart span=10m max(concurrentbb)
</param>
???????????????????????????????????????????????????????
<module name="ResultsHeader">
<param name="entityName">scanned</param>
<param name="entityLabel">Events</param>
<module name="FlashChart">
<param name="height">180px</param>
<param name="width">100%</param>
</module>
</module>
</module>
</view>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Damien_Dallimor
Ultra Champion
05-16-2012
07:54 PM
I would recommend installing the UI Examples app , it has plenty of examples of various Advanced XML Views that you can reference to create the functionality you want
Similarly, the Sideview Utils app , also has many examples of using the custom Sideview UI modules.
Get Updates on the Splunk Community!
Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...
At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...
Preparing your Splunk Environment for OpenSSL3
The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...
Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector
Agent Saturation What and Whys
In application performance monitoring, saturation is defined as the total load ...
