Re: Custom token in dashboard

mahesh27 · ‎03-14-2024

i have a dashboard, In that there is a drop down for services.
we have 10 panels in a dashboard.

When i select service drop down my all 10 panels will get displays as per the service chosen from the from drop down. For example if i choose "passed services" from the drop down instead of showing all panels i want to see only panle1 to panel5 and hide panel 6 to panel 10

how i can do that?

<form>
<label>Services_Dashboard</label>
<fieldset submitButton="true" autoRun="true">
<input type="time" token="time" searchWhenChanged="true">
<label> </label>
<default>
<earliest>-60m@m</earliest>
<latest>now</latest>
</default>
</input>
<inputype type="dropdown" token="services"  searchWhenChanged="true">
<label>Services</label>
<choice value="*">all</choice>
<choice value="Lgn_srvc">Login services</choice>
<choice value="Fld_srvc">Failed services</choice>
<choice value="Pass_srvc">passed services</choice>
<choice value="Tmout_srvc">timeout services</choice>
<choice value="Lgout_srvc">logout service</choice>
<choice value="Err_srvc">error services</choice>
<choice value="War_srvc">warning services</choice>
<intialValue>*</intialValue>
</input>
</fieldset>
<row>
<panel>
<title>panel1 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel> 
<panel>
<title>panel2 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel3 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel4 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel5 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel6 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel7 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel8 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel9 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
<panel>
<title>panel10 for $services$</title>
<search>
<query> index=xxx stats count by app</query>
<earliest>time.earliest</earliest>
<latest>time.latest</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
</panel>
</row>
</form>

bowesmana · ‎03-14-2024

You can make panels dependent on the existence of a token.

You do this with a <change> block on the input and setting or unsetting the tokens that a panel requires to display. You can be as fine or as coarse as you like, i.e. you could make a token for each panel and set/unset the panels as needed and then each panel definition will "depend" on its own token.

You will also need an <init> section at the start of your XML to set the default state of the tokens if you want the panels to display immediately when the dashboard is loaded.

<change>
  <condition value="Pass_srvc">
    <set token="show_panels_1">true</set>
    <unset token="show_panels_2">true</unset>
  </condition>
  <condition>
    <set token="show_panels_1">true</set>
    <set token="show_panels_2">true</set>
  </condition>
</change>
...
<panel depends="$show_panels_1$">...
..
<panel depends="$show_panels_2$">...
..

Custom token in dashboard

stats

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?