- Splunk Answers
- :
- Splunk Platform Products
- :
- Splunk Enterprise
- :
- host drop down
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
host drop down
We want to add a host drop down in a dashboard please find the host details below.
| dev1 | appdev1host logdev1host cordev1host |
| dev2 | appdev2host logdev2host cordev2host |
| dev3 | appdev3host logdev3host cordev4host |
| dev4 | appdev4host logdev4host cordev4host |
| sit1 | appsit1host logsit1host corsit1host |
| sit2 | appsit2host logsit2host corsit2host |
| sit3 | appsit3host logsit3host corsit3host |
| sit4 | appsit4host logsit4host corsit4host |
drop down in dashboard should have only 8 drop downs .
For example: if i choose dev1 it should capture all the hosts mentioned for dev1(appdev1host, logdev1host,cordev1host)
dev1
dev2
dev3
dev4
sit1
sit2
sit3
sit4
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can anyone help on this pls
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you added the dropdown - what is the problem you are facing?
Simply add the dropdown, set the 8 static options and then in your search use
index=bla host=*$my_host_token$*where my_host_token is the token for your dropdown
Assuming the table below is the finite list of hosts you will have, then this should work - there are of course other ways to do this, but this is the simplest.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can any one help on this
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can help - I asked a question about whether you had already added the dropdown field.
Have you done so? What have you tried before - it's pretty straightforward to add a dropdown input and add values to the dashboard - you don't need to write XML
The XML reference manual is here
https://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML
This is a really good app you can install to a Splunk environment that shows many techniques to create powerful dashboards
https://splunkbase.splunk.com/app/1603
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried below code but it not working. can any one let me know what is wrong here:
<form version="1.1" theme="light">
<label>HTMD Dashboard</label>
<fieldset submitButton="false">
<input type="time" token="timepicker">
<label>TimeRange</label>
<default>
<earliest>-15m@m</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="host">
<label>Env wise hosts</label>
<choice value="appdev1host","logdev1host","cordev1host">DEV1</choice>
<choice value="appdev2host","logdev2host","cordev2host">DEV2</choice>
<choice value="appdev3host","logdev3host","cordev3host">DEV3</choice>
<choice value="appdev4host","logdev4host","cordev4host">DEV4</choice>
<choice value="appsit1host","logsit1host","corsit1host">SIT1</choice>
<choice value="appsit2host","logsit2host","corsit2host">SIT2</choice>
<choice value="appsit3host","logsit3host","corsit3host">SIT3</choice>
<choice value="appsit4host","logsit4host","corsit4host">SIT4</choice>
</fieldset>
<row>
<panel>
<table>
<title>Incoming Count & Total Count</title>
<search>
<query>index=test-index source=application.logs $host$ "Incoming count" |stats count by "Incoming count"
|appendcols
index=test-index source=application.logs $host$ "Total count" |stats count by "Total count"
|table "Incoming count" "Total count"
</query>
<earliest>timepicker.earliest</earliest>
<latest>timepicker.latest</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentageRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<form>- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am not sure how you managed to create that because that XML is completely broken and is not a valid dashboard. Your <choice> values are not valid XML, e.g. you can't have value=multiple quoted strings.
<choice value="appdev1host","logdev1host","cordev1host">DEV1</choice>Why don't you just make your choice value something like
<choice value="*dev1host">DEV1</choice>and so on.
Also, not sure what you are trying to achieve with your SPL - are "Total count" and "Incoming count" fields in your data? Using appendcols is not a good technique as you are repeating almost the identical search, which is not necessary.
If you want to share an example of your data I can help suggest a correct search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is another page that pretty much shows you how to do this
https://docs.splunk.com/Documentation/Splunk/9.2.1/Viz/Buildandeditforms
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am new to dashboards building
Can I get the xml code pls
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
