Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Django WebFramework : Cascading Form & Search

koshyk
Super Champion
‎09-22-2014 04:40 AM

I was trying to build a django based web front-end using the examples shown in "Splunk Web Framework Toolkit". The example shown for cascaded form is "technically" NOT a cascading search, but rather searches the "whole" data every single time.
Original Example.

    {% block managers %}
    {% searchmanager id="indexsearch" search="| eventcount summarize=false index=* OR index=_*" cache=True preview=False %}
    {% searchmanager id="sourcetypesearch" search="| metadata index=$index$ OR index=_$index$ type=sourcetypes"|token_safe
    cache=True preview=True autostart=False %}
    {% endblock managers %}

What it means is: The search is run everytime with value from previous selection. So its not actually cascading the search, but rather redoing the entire search !!.
Is there a way we can "cascade" the search too as we do in advanced XML (or sideviewutils) ?

I'm looking for something like..

{% block managers %}
{% searchmanager id="indexsearch" search="| eventcount summarize=false index=* OR index=_*" cache=True preview=False %}
{% searchmanager id="sourcetypesearch" search=$indexsearch$|token_safe
cache=True preview=True autostart=False %}
{% endblock managers %}

whereby the whole of "indexsearch" is passed as a token to the next search , rather than searching the whole once again?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎09-22-2014 08:53 AM

Why not a Post Process manager?

{% postprocessmanager
    id="sourcetypesearch"
    managerid="indexsearch"
    search="search <your_next_search>" %}

View solution in original post

Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎09-22-2014 08:53 AM

Why not a Post Process manager?

{% postprocessmanager
    id="sourcetypesearch"
    managerid="indexsearch"
    search="search <your_next_search>" %}
Reply
Solved! Jump to solution

koshyk
Super Champion
‎09-23-2014 01:43 AM

Perfect thanks. Didn't know we could use all functionalities in django.
Thanks mate

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...