Form vs. View for Multiple Result Sets

Eldad
Explorer

Hi,

My event data consists of HTTP requests. My goal is to build a view that includes:
1) A drop-down to choose a Host header value
2) A line chart for the selected Host header related events that displays the number of unique requests for each source IP each day
3) Another chart that displays another flavor of the data

When trying to do this with a search form I hit a wall when trying to take the form search results and get something else out of them. The basic search results are the requests associated with a certain Host header value and I was trying to create a chart for the number of unique page hits by IP. I did this by adding a chart where charting.data.search="timechart span=1d count(url) by source_ip". This did not work and the chart was not displayed correctly, making me think that this is not the way I was supposed to use charting.data.search.

So the question is: what is the best way to build such a screen (form or view), and how do I achieve that? (I did not find documentation taking me through this.)

Thanks!


sideview
SplunkTrust

1) There is significant documentation at splunk.com, e.g.: http://www.splunk.com/base/Documentation/latest/Developer/FormIntro

Quite possibly you've just been looking in the wrong place? E.g., setting the property charting.data.search is a very advanced thing to do additional filtering and is not at all how you set the main search.

2) Or if you'd rather tinker with living, breathing examples you can pull down the UI Examples app and learn in a more hands-on fashion. It sounds like this might be the way to go for you (since you somehow went straight to the advanced charting documentation).

To do this:
go to the "Launcher" app,
within Launcher, go to "Browse more apps",
then scroll down until you get to "UI Examples for 4.1".
Install that app and once it's installed go to it and start reading through the examples. You'll find a number of examples talking about building different kinds of views in both the simplified XML (i.e. <form> and <dashboard>) as well as the advanced XML (i.e. <view>).
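
Added example (not part of the answer above and not taken from the UI Examples app): a simplified XML form for the view described in the question, with one main search feeding two charts. It is written in current Simple XML syntax rather than the 4.1-era syntax this thread dates from; the index "web" and the field "http_host" are assumed names, while "url" and "source_ip" are the fields named in the question.

```xml
<!-- Added example. Index "web" and field "http_host" are assumed names;
     "url" and "source_ip" are the fields named in the question. -->
<form>
  <label>HTTP requests by Host header</label>
  <!-- Main search, re-run on each dropdown selection. $host_tok|s$ quotes the
       token value, so a logged Host header containing spaces, quotes or pipes
       stays a literal string instead of becoming search syntax. The stats
       step keeps the result set small for the post-process panels. -->
  <search id="base">
    <query>index=web http_host=$host_tok|s$ | bin _time span=1d | stats count by _time, source_ip, url</query>
    <earliest>-7d@d</earliest>
    <latest>now</latest>
  </search>
  <fieldset submitButton="false">
    <input type="dropdown" token="host_tok" searchWhenChanged="true">
      <label>Host header</label>
      <fieldForLabel>http_host</fieldForLabel>
      <fieldForValue>http_host</fieldForValue>
      <!-- Dropdown choices are populated from the logged Host header values. -->
      <search>
        <query>index=web | stats count by http_host | sort -count</query>
        <earliest>-7d@d</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Unique URLs requested per source IP, per day</title>
      <chart>
        <!-- Post-process of the main search: no second index scan. -->
        <search base="base">
          <query>timechart span=1d dc(url) by source_ip</query>
        </search>
        <option name="charting.chart">line</option>
      </chart>
    </panel>
    <panel>
      <title>Total requests per source IP, per day</title>
      <chart>
        <search base="base">
          <query>timechart span=1d sum(count) by source_ip</query>
        </search>
        <option name="charting.chart">line</option>
      </chart>
    </panel>
  </row>
</form>
```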
