Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- Custom Drop Down In Dashboard
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From the below xml we created a drop down for site, its working as expected, but we need a dropdown for country as well. But country data is not present in the logs.
We have 2 countries, China and India.
We need a drop with country and based on country site also should be shown.
How can we do this??
<form version="1.1" theme="light">
<label>Dashboard</label>
<fieldset submitButton="false">
<input type="time" token="timepicker">
<label>TimeRange</label>
<default>
<earliest>-15m@m</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="site">
<label>SITE</label>
<choice value="*">All</choice>
<prefix>site="</prefix>
<suffix>"</suffix>
<default>*</default>
<fieldForLabel>site</fieldForLabel>
<fieldForValue>site</fieldForValue>
<search>
<query>
| makeresults | eval site="BDC" | fields site
| append [ | makeresults | eval env="SOC" | fields site ]
| sort site
| table site
</query>
</search>
</input>
</fieldset>
<row>
<panel>
<table>
<title>Total Count Of DataRequests</title>
<search>
<query>
index=Datarequest-index
$site$
| rex field= _raw "application :\s(?<Reqtotal>\d+)"
|stats sum(Reqtotal)
</query>
<earliest>$timepicker.earliest$</earliest>
<latest>$timepicker.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentageRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Santosh2 ,
There's a bit of typo in the search command for using the selected site token. You've typed seach instead of search. Also, if you're using search command, you need to filter it on the basis of key value search. Host specific dropdown should look like this:
| makeresults
| eval site="BDC", host="jboss.cloud.com"
| fields site host
| append
[| makeresults
| eval site="BDC", host="ulkoy.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="BDC", host="ualki.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="BDC", host="hyjki.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="SOC", host="uiy67.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="SOC", host="7hy56.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="SOC", host="ju5e.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="SOC", host="mjut.cloud.com"
| fields site host]
| search site="$site$"
| dedup host
| sort host
| table host
Thanks,
Tejas.
---
If the above solution helps an upvote is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Santosh2 ,
You can create an additional input for country and use the country value as token for site input. Your xml code should look something like below:
<input type="dropdown" token="country">
<label>Country</label>
<choice value="*">All</choice>
<prefix></prefix>
<suffix></suffix>
<default>*</default>
<fieldForLabel>country</fieldForLabel>
<fieldForValue>country</fieldForValue>
<search>
<query>
| makeresults | eval country="India" | fields country
| append [ | makeresults | eval country="China" | fields country]
| sort country
| table country
</query>
</search>
</input>Now use the country token as below in Site input
<input type="dropdown" token="site">
<label>SITE</label>
<choice value="*">All</choice>
<prefix>site="</prefix>
<suffix>"</suffix>
<default>*</default>
<fieldForLabel>site</fieldForLabel>
<fieldForValue>site</fieldForValue>
<search>
<query>
| makeresults | eval site=case($country$="India","BDC",$country$="SOC",true(),"BDC")
| fields site
</query>
</search>
</input>
Thanks,
Tejas.
---
If the above solution helps, an upvote is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @tej57 , thank you for sharing the code for country and site.
But here i have 8 hosts 4 belongs to India hosts and other 4 belongs to China.
So i tried using below code for hosts in dashboard drop down it is showing correctly, but when i open in search under selected fields the host name is not showing which i mentioned in drop down list, showing different host which is not mentioned in the drop down.
we want to show data in dashboard only with these 8 hosts
<input type="dropdown" token="host">
<label>Hosts</label>
<choice value="*">All</choice>
<prefix>host="</prefix>
<suffix>"</suffix>
<default>*</default>
<fieldForLabel>host</fieldForLabel>
<fieldForValue>host</fieldForValue>
<search>
<query>
| makeresults | eval site="BDC", host="jboss.cloud.com" | fields site host
| append [ | makeresults | eval site="BDC", host="ulkoy.cloud.com" | fields site host]
| append [ | makeresults | eval site="BDC", host="ualki.cloud.com" | fields site host]
| append [ | makeresults | eval site="BDC", host="hyjki.cloud.com" | fields site host]
| append [ | makeresults | eval site="SOC", host="uiy67.cloud.com" | fields site host]
| append [ | makeresults | eval site="SOC", host="7hy56.cloud.com" | fields site host]
| append [ | makeresults | eval site="SOC", host="ju5e.cloud.com" | fields site host]
| append [ | makeresults | eval site="SOC", host="mjut.cloud.com" | fields site host]
|seach $site$ |dedup host
| sort host
| table host
</query>
</search>
</input>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Santosh2 ,
There's a bit of typo in the search command for using the selected site token. You've typed seach instead of search. Also, if you're using search command, you need to filter it on the basis of key value search. Host specific dropdown should look like this:
| makeresults
| eval site="BDC", host="jboss.cloud.com"
| fields site host
| append
[| makeresults
| eval site="BDC", host="ulkoy.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="BDC", host="ualki.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="BDC", host="hyjki.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="SOC", host="uiy67.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="SOC", host="7hy56.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="SOC", host="ju5e.cloud.com"
| fields site host]
| append
[| makeresults
| eval site="SOC", host="mjut.cloud.com"
| fields site host]
| search site="$site$"
| dedup host
| sort host
| table host
Thanks,
Tejas.
---
If the above solution helps an upvote is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@tej57 Got it, thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Santosh2, Glad to hear that the solution seemed to be working. It would be great if you can accept the answer as a solution so that it helps other community users.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Everyone, Can any help on this
Observe and Secure All Apps with Splunk
Splunk Decoded: Business Transactions vs Business IQ
Fastest way to demo Observability
