I am trying to do something like this:
I want to define a view that can take for eg, start date and end date that the user can pass and then render a chart/graph for the data in that date range. I am trying to pass these start and end date values to the view from an external application so I want to pass these using URL query string parameters to the view. Is there a way to achieve this using Splunk.
Thanks a lot for your help.
Hi Joe, Thanks a lot for the quick response. Is Sideview utils app a freeware? Is this part of Splunk or a third party add-on on top of Splunk?
I was exploring the Sideview utils app little bit but I wasnt sure what the licensing etc, was.
It's free to download under the lesser gpl license. Review the license yourself and consult your legal department if you have questions. It's just a splunk app you can download from splunkbase. The app itself has a built in tutorial that explains the usage of all the new modules.
This is possible, especially if you use the sideview utils modules. Essentially you are going make a form search, using textfield modules, where the user would input values for earliest and latest time. You will then make use of the URLLoader module to pass down your arguments from the URL into the dashboard to populate those fields. The url that loads the view will end up looking something like this:
I highly recommend walking through all the examples in the sideview utils app. It makes developing these advanced views a lot quicker and easier.