Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

change index value based on the dropdown selection

kavyakanne
Engager
‎05-17-2020 01:36 AM

So as per the Daily and Monthly selection index has to vary

Daily = index1
Monthly=index2

Thanks in Advance!

<fieldset>
      <label>Report Type</label>
       <choice value="Daily">Daily</choice>
        <choice value="Monthly">Monthly</choice>
</fieldset>
Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sanjeev543
Communicator
‎05-17-2020 03:00 AM

@kavyakanne perhaps you could try below option if you are looking to change the index name based on the Report Type option that you select

<fieldset submitButton="false">
     <input type="dropdown" token="idx">
       <label>Reporting Type</label>
       <choice value="daily_report_index_name">Daily</choice>
       <choice value="monthly_report_index_name">Monthly</choice>
       <default>daily_report_index_name</default>
     </input>
   </fieldset>
<!-- modify the search query with token name -->
<row>
     <panel>
      <title>Selected index option $idx$<title>
       <table>
         <search>
           <query>index=$idx$</query>
           <earliest>-60m@m</earliest>
           <latest>now</latest>
           </search>
</table>
</panel>
</row>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sanjeev543
Communicator
‎05-17-2020 03:00 AM

@kavyakanne perhaps you could try below option if you are looking to change the index name based on the Report Type option that you select

<fieldset submitButton="false">
     <input type="dropdown" token="idx">
       <label>Reporting Type</label>
       <choice value="daily_report_index_name">Daily</choice>
       <choice value="monthly_report_index_name">Monthly</choice>
       <default>daily_report_index_name</default>
     </input>
   </fieldset>
<!-- modify the search query with token name -->
<row>
     <panel>
      <title>Selected index option $idx$<title>
       <table>
         <search>
           <query>index=$idx$</query>
           <earliest>-60m@m</earliest>
           <latest>now</latest>
           </search>
</table>
</panel>
</row>
0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-17-2020 01:59 AM

Hi @kavyakanne,
try something like this:

<form>
  <label>Test dropdown 2</label>
  <fieldset submitButton="false">
    <input type="radio" token="index">
      <label>Index</label>
      <choice value="wineventlog">wineventlog</choice>
      <choice value="_internal">_internal</choice>
      <default>wineventlog</default>
      <prefix>index="</prefix>
      <suffix>"</suffix>
    </input>
  </fieldset>
  <row>
    <panel>
      <event>
        <search>
          <query>$index$</query>
          <earliest>-60m@m</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="list.drilldown">none</option>
        <option name="list.wrap">1</option>
        <option name="maxLines">5</option>
        <option name="raw.drilldown">full</option>
        <option name="rowNumbers">0</option>
        <option name="table.drilldown">all</option>
        <option name="table.sortDirection">asc</option>
        <option name="table.wrap">1</option>
        <option name="type">list</option>
      </event>
    </panel>
  </row>
</form>

Obviously, you can use a different search.

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-17-2020 03:32 AM

Hi @kavyakanne,
instead the index=weekly/monthly, you could insert in the choice the full search for each report,
try something like this:

<form>
  <label>Test dropdown 2</label>
  <fieldset submitButton="false">
    <input type="radio" token="index">
      <label>Index</label>
      <choice value="index=wineventlog | stats count BY EventCode">wineventlog</choice>
      <choice value="index=_internal | table _time source index sourcetype">_internal</choice>
      <default>index=wineventlog | stats count BY EventCode</default>
      <prefix/>
      <suffix/>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>$index$</query>
          <earliest>-60m@m</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

kavyakanne
Engager
‎05-17-2020 01:38 AM

@gcusello

Could you assist me here!

Thanks in Advance!

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...