Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Custom token in dashboard
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Custom token in dashboard
mahesh27
Communicator
03-14-2024
04:10 PM
i have a dashboard, In that there is a drop down for services.
we have 10 panels in a dashboard.
When i select service drop down my all 10 panels will get displays as per the service chosen from the from drop down. For example if i choose "passed services" from the drop down instead of showing all panels i want to see only panle1 to panel5 and hide panel 6 to panel 10
how i can do that?
<form>
<label>Services_Dashboard</label>
<fieldset submitButton="true" autoRun="true">
<input type="time" token="time" searchWhenChanged="true">
<label> </label>
<default>
<earliest>-60m@m</earliest>
<latest>now</latest>
</default>
</input>
<inputype type="dropdown" token="services" searchWhenChanged="true">
<label>Services</label>
<choice value="*">all</choice>
<choice value="Lgn_srvc">Login services</choice>
<choice value="Fld_srvc">Failed services</choice>
<choice value="Pass_srvc">passed services</choice>
<choice value="Tmout_srvc">timeout services</choice>
<choice value="Lgout_srvc">logout service</choice>
<choice value="Err_srvc">error services</choice>
<choice value="War_srvc">warning services</choice>
<intialValue>*</intialValue>
</input>
</fieldset>
<row>
<panel>
<title>panel1 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel2 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel3 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel4 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel5 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel6 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel7 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel8 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel9 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel10 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bowesmana
SplunkTrust
03-14-2024
04:31 PM
You can make panels dependent on the existence of a token.
You do this with a <change> block on the input and setting or unsetting the tokens that a panel requires to display. You can be as fine or as coarse as you like, i.e. you could make a token for each panel and set/unset the panels as needed and then each panel definition will "depend" on its own token.
You will also need an <init> section at the start of your XML to set the default state of the tokens if you want the panels to display immediately when the dashboard is loaded.
<change>
<condition value="Pass_srvc">
<set token="show_panels_1">true</set>
<unset token="show_panels_2">true</unset>
</condition>
<condition>
<set token="show_panels_1">true</set>
<set token="show_panels_2">true</set>
</condition>
</change>
...
<panel depends="$show_panels_1$">...
..
<panel depends="$show_panels_2$">...
..
Get Updates on the Splunk Community!
Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA
Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...
.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...
If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...
A Season of Skills: New Splunk Courses to Light Up Your Learning Journey
There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...
