Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Does splunk support parameterized queries

gregbujak
Path Finder
‎12-16-2010 05:16 PM

I am curious if parametrized queries are possible within within splunk dashboards or searches:

ex. query: foo=bar AND env=${VARIABLE}

I would then like to be able to define VARIABLE at a higher level or perhaps even have a preamble in the query such as: SET VARIABLE=prod : foo=bar AND env=${VARIABLE}.

This appears to be a similar question: link text

Thanks

Tags (1)
Reply

bbingham
Builder
‎12-17-2010 10:11 AM

Use the form dashboard or the pulldown dashboard, here would be an example:

<form class="formsearch">
       <label>Test Form</label>
       <fieldset>
              <input type="dropdown" token="breakdown" searchWhenChanged="true">
                       <label>Breakdown</label>
                       <choice value="QHour">Quarter Hour</choice>
                       <choice value="Hour">Hour</choice>
              </input>
       </fieldset>

       <row>
              <chart>
                     <searchString>index=main $breakdown$ </searchString>
                     <title>Blah</title>
              </chart>
       </row>
  </form>

So the FieldSet block builds a drop down menu and sets the variable "breakdown" to what ever the user selects, then passes that variable to a chart.

Hope this helps!

Reply

gregbujak
Path Finder
‎12-17-2010 03:23 PM

Thanks, that looks like a good place to start.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...