Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Call different saved searches based upon a pulldown menu in dashboard

gpanicker
Explorer
‎02-05-2013 04:49 PM

I have a dashboard with pulldown menu and I want to call different saved searches depending upon the selection.
Is there a way
1. to pass parameters to a saved search
Or
2. Have an if else condition in the dashboard xml to call 2 different saved searches based on the selection

Tags (3)
Reply

asimagu
Builder
‎07-18-2013 07:38 PM

what you want is a Switcher Module, you can find the instructions and sample code if you install the app Splunk Dashboards Examples

http://splunk-base.splunk.com/apps/64805/splunk-dashboard-examples

Then, you can start by taking a look at the view called "switcher1"

0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎07-18-2013 09:43 PM

Switcher is a good tool to solve this problem, but Switcher is a Sideview module, part of Sideview Utils, and it is not a Splunk module. The Dashboard Examples app deals only with core Splunk modules. What you want instead is the Sideview Utils app, and to get Switcher you'll have to get the latest version which is only available from the Sideview website. http://sideviewapps.com/apps/sideview-utils

0 Karma
Reply

wrangler2x
Motivator
‎07-18-2013 03:46 PM

You can go into Manager -> User Interface -> Views and create a view which will appear in the views menu in search. You can put your search in the view, then have the view have a pulldown menu that goes to a default time or lets you pick a time. But you have to work in xml to do this. There is some splunk documentation on using a view.

0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎02-07-2013 09:47 PM

I'm sorry gpanicker - can you describe a little more? Do you mean that your Pulldown will have precisely two entries, one that is a 5min span, and one a 1hr span? In which case each Pulldown option maps to one specific savedsearch? Also do you just need to run the savedsearches then and there, or do you want to potentially access the search results run previously by the savedsearch scheduler?

0 Karma
Reply

gpanicker
Explorer
‎02-06-2013 05:14 AM

Can you please give an example of passing parameter to the saved search

0 Karma
Reply

dart
Splunk Employee
Splunk Employee
‎02-06-2013 03:17 AM

There are multiple ways to do this. You can pass a parameter across to the saved search or you can use an eval based macro which switches out the time range based on the selected options.

0 Karma
Reply

gpanicker
Explorer
‎02-05-2013 09:41 PM

This is my scenario.. Pulldown will have span like 5mins, 1 hr etc.
Depending upon the span selected, I need to trigger a saved search with span 5 mins or 1 hr. The saved search remains the same except for the span selected.

Please let me know how I can do that.
Thanks in advance!

0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎02-05-2013 08:39 PM

It sounds like you don't simply want each option in the Pulldown to run its own distinct saved-search, but rather something where options 1-10 trigger savedsearch X, and 11-20 trigger savedsearch Y. Can you confirm? Either way it is possible but the answers would be quite different.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...