Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search Help: Search Boxes on Dashboard

adalbor
Builder
‎08-01-2019 01:10 PM

Hey All,

I need some assistance with completing some search parameters.

I created a search to correlate emails going in and out of proofpoint according to the message_session_id using transaction and displaying in a table format. Proofpoint generates multiple events for a single message which requires stitching it all together.

I would like to turn this into a dashboard with two search boxes that would allow me to specify the search parameters for the sender and recipient while still maintaining the correlation using transaction.

Here is my current search:

index=proofpoint
| transaction message_session_id
| table from to subject file_name rule action
| fillnull value=n/a

Would I achieve this using tokens? Or how would I go about this?

0 Karma
Reply

woodcock
Esteemed Legend
‎08-01-2019 02:37 PM

There are many examples in the Dashboard Examples app. Install it and it will have something almost exactly like what you need (except for the SPL, which you already have):
https://splunkbase.splunk.com/app/1603/

Reply
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey


Introducing Unified TDIR with the New Enterprise Security 8.2

Read the blog
Get Updates on the Splunk Community!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...