Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Does splunk support parameterized queries

gregbujak
Path Finder
โ€Ž12-16-2010 05:16 PM

I am curious if parametrized queries are possible within within splunk dashboards or searches:

ex. query: foo=bar AND env=${VARIABLE}

I would then like to be able to define VARIABLE at a higher level or perhaps even have a preamble in the query such as: SET VARIABLE=prod : foo=bar AND env=${VARIABLE}.

This appears to be a similar question: link text

Thanks

Tags (1)
Reply

bbingham
Builder
โ€Ž12-17-2010 10:11 AM

Use the form dashboard or the pulldown dashboard, here would be an example:

<form class="formsearch">
       <label>Test Form</label>
       <fieldset>
              <input type="dropdown" token="breakdown" searchWhenChanged="true">
                       <label>Breakdown</label>
                       <choice value="QHour">Quarter Hour</choice>
                       <choice value="Hour">Hour</choice>
              </input>
       </fieldset>

       <row>
              <chart>
                     <searchString>index=main $breakdown$ </searchString>
                     <title>Blah</title>
              </chart>
       </row>
  </form>

So the FieldSet block builds a drop down menu and sets the variable "breakdown" to what ever the user selects, then passes that variable to a chart.

Hope this helps!

Reply

gregbujak
Path Finder
โ€Ž12-17-2010 03:23 PM

Thanks, that looks like a good place to start.

0 Karma
Reply