Does splunk support parameterized queries

gregbujak · ‎12-16-2010

I am curious if parametrized queries are possible within within splunk dashboards or searches:

ex. query: foo=bar AND env=${VARIABLE}

I would then like to be able to define VARIABLE at a higher level or perhaps even have a preamble in the query such as: SET VARIABLE=prod : foo=bar AND env=${VARIABLE}.

This appears to be a similar question: link text

Thanks

bbingham · ‎12-17-2010

Use the form dashboard or the pulldown dashboard, here would be an example:

<form class="formsearch">
       <label>Test Form</label>
       <fieldset>
              <input type="dropdown" token="breakdown" searchWhenChanged="true">
                       <label>Breakdown</label>
                       <choice value="QHour">Quarter Hour</choice>
                       <choice value="Hour">Hour</choice>
              </input>
       </fieldset>

       <row>
              <chart>
                     <searchString>index=main $breakdown$ </searchString>
                     <title>Blah</title>
              </chart>
       </row>
  </form>

So the FieldSet block builds a drop down menu and sets the variable "breakdown" to what ever the user selects, then passes that variable to a chart.

Hope this helps!

gregbujak · ‎12-17-2010

Thanks, that looks like a good place to start.

Does splunk support parameterized queries

ATTENTION!! We’re MOVING (not really)

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

AppDynamics Summer Webinars

Are you a member of the Splunk Community?

Does splunk support parameterized queries

ATTENTION!! We’re MOVING (not really)

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

AppDynamics Summer Webinars