Splunk Search

How to add a form for user input on a dashboard to only run panel searches for data from certain hosts?

Communicator

I have a dashboard using multiple sources and I would like to replace the fixed host input ( host=prdo*) with manual input by a user. This way, a user can add one or more host names and the dashboard will give all the statuses for that option. Is that possible?

Panel =1

index=prod* source=prodLog host=pr*-* "timeout" OR "error" OR "timed-out" OR "exception" AND NOT "step*time" | timechart count as timeout span=1h

Panel = 2

index=aws-production source=prodLog host=pr*-* "green" OR "blue" OR "red" AND NOT "white" | timechart count as Colorstatus span=1h

Currently, the dashboard extracts data from all hosts. My objective is for users to be able to search from the host they are interested in. Also, this will be great if this input can be used/shared on all panels just like "time range selector".

0 Karma
1 Solution

Motivator

hi,

try with this example

<form>
  <label>-------------------------------</label>
  <description>----------------------------------------</description>
  <fieldset autoRun="true" submitButton="false">
    <input type="time" token="tm" searchWhenChanged="true">
      <label>Select a time:</label>
      <default>Last 24 hours</default>
    </input>

  <input type="text" token="host_name" searchWhenChanged="true">
    <label>Enter a host:</label>
    <default>pr*-*</default>
  </input>

</fieldset>
  <row>
    <chart>
      <title>Panel1</title>
      <search>
        <query>index=prod* source=prodLog host=$host_name$ "timeout" OR "error" OR "timed-out" OR "exception" AND NOT "step*time"
       | timechart count as timeout span=1h</query>
      </search>
      <earliestTime>$tm.earliestTime$</earliestTime>
      <latestTime>$tm.latestTime$</latestTime>
      <option name="charting.chart">column</option>
    </chart>
    <table>
      <title>Panel2</title>
      <search>
        <query>index=aws-production source=prodLog host=$host_name$" green" OR "blue" OR "red" AND NOT "white" 
         | timechart count as Colorstatus span=1h</query>
      </search>
      <earliestTime>$tm.earliestTime$</earliestTime>
      <latestTime>$tm.latestTime$</latestTime>
      <option name="wrap">true</option>
      <option name="displayRowNumbers">true</option>
      <option name="dataOverlayMode">none</option>
      <option name="drilldown">row</option>
      <option name="count">5</option>
    </table>
  </row>
</form>

View solution in original post

Motivator

hi,

try with this example

<form>
  <label>-------------------------------</label>
  <description>----------------------------------------</description>
  <fieldset autoRun="true" submitButton="false">
    <input type="time" token="tm" searchWhenChanged="true">
      <label>Select a time:</label>
      <default>Last 24 hours</default>
    </input>

  <input type="text" token="host_name" searchWhenChanged="true">
    <label>Enter a host:</label>
    <default>pr*-*</default>
  </input>

</fieldset>
  <row>
    <chart>
      <title>Panel1</title>
      <search>
        <query>index=prod* source=prodLog host=$host_name$ "timeout" OR "error" OR "timed-out" OR "exception" AND NOT "step*time"
       | timechart count as timeout span=1h</query>
      </search>
      <earliestTime>$tm.earliestTime$</earliestTime>
      <latestTime>$tm.latestTime$</latestTime>
      <option name="charting.chart">column</option>
    </chart>
    <table>
      <title>Panel2</title>
      <search>
        <query>index=aws-production source=prodLog host=$host_name$" green" OR "blue" OR "red" AND NOT "white" 
         | timechart count as Colorstatus span=1h</query>
      </search>
      <earliestTime>$tm.earliestTime$</earliestTime>
      <latestTime>$tm.latestTime$</latestTime>
      <option name="wrap">true</option>
      <option name="displayRowNumbers">true</option>
      <option name="dataOverlayMode">none</option>
      <option name="drilldown">row</option>
      <option name="count">5</option>
    </table>
  </row>
</form>

View solution in original post

Communicator

thanks ! there is no input (form) created I just got "-------------------------------
----------------------------------------" above time selector. and the dash-board itself say " waiting for input"

0 Karma

Motivator

sorry I had made a mistake in the code but I corrected.

copy the new code and try again

0 Karma

Communicator

thanks, all good now!!!

0 Karma

Motivator

happy for you,

don't forget to accepted and vote my answers

0 Karma

Motivator

hi,
Yes it's possible,
displays your code I try to help you

0 Karma

Communicator

thanks much! I have updated the question. so the dashboard has 10 panel but I have the code from the 2 panels.

0 Karma

Motivator

you want to add a box to allow the user to enter the name of the host it wants and select the timerange he wants?

0 Karma

Communicator

I have already time-range selector, I want the box enter the host name.

0 Karma