Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to convert splunk dashboard panel with dynamic token in reports?

karthi2809
Builder
‎05-28-2024 02:59 AM

Hi All,

I have a Splunk dashboard with dynamic token, Here a simplified example of my setup. In the dashboard $new_value$ and $env$  are dynamic token that user can select. I want to convert this panel into report that can accommodate these dynamic values. Could you guide me how to achieve this ?.I need to understand. Any details steps or examples would be greatly appreciated.

Base Query:
index=Test environment=$env$ applicationName=$new_value$ 
 | stats values(content.InterfaceName) as InterfaceName values(content.payload) as payloadFile values(content.ErrorMsg) as  errormsg  values(content.Error) as error BY  applicationName,correlationId
| table  Status Timestamp InterfaceName ApplicationName  CorrelationId
| search  interfaceName=$new_interface$ 

Panel Query with dynamic tokens:
 <search base="BankSearch">
          <query>| where Status LIKE ("$countStatus$")|sort -Timestamp</query></search>

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-28-2024 03:20 AM

Hi @karthi2809,

for my knowledge, reports are static objects and you cannot pass a token to a report.

Why do you want to do this?

if it's to accelerate searches, use other methods as Data_nodels or Summary indexes.

Ciao.

giuseppe

0 Karma
Reply

karthi2809
Builder
‎05-28-2024 03:32 AM

Hi @gcusello 

Thanks for the reply. Actually i want to improve my dashboard performance. So i try to convert as report. But as you said its static. So if i use summary index or data model we can pass token ?any sample data model .And both will consume license right?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-28-2024 03:37 AM

Hi @karthi2809,

Yes, you can pass a token to a search based on DataModels or Summary Indexes.

Both of them don't consume license.

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...