Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to convert splunk dashboard panel with dynamic token in reports?

karthi2809
Builder
‎05-28-2024 02:59 AM

Hi All,

I have a Splunk dashboard with dynamic token, Here a simplified example of my setup. In the dashboard $new_value$ and $env$  are dynamic token that user can select. I want to convert this panel into report that can accommodate these dynamic values. Could you guide me how to achieve this ?.I need to understand. Any details steps or examples would be greatly appreciated.

Base Query:
index=Test environment=$env$ applicationName=$new_value$ 
 | stats values(content.InterfaceName) as InterfaceName values(content.payload) as payloadFile values(content.ErrorMsg) as  errormsg  values(content.Error) as error BY  applicationName,correlationId
| table  Status Timestamp InterfaceName ApplicationName  CorrelationId
| search  interfaceName=$new_interface$ 

Panel Query with dynamic tokens:
 <search base="BankSearch">
          <query>| where Status LIKE ("$countStatus$")|sort -Timestamp</query></search>

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-28-2024 03:20 AM

Hi @karthi2809,

for my knowledge, reports are static objects and you cannot pass a token to a report.

Why do you want to do this?

if it's to accelerate searches, use other methods as Data_nodels or Summary indexes.

Ciao.

giuseppe

0 Karma
Reply

karthi2809
Builder
‎05-28-2024 03:32 AM

Hi @gcusello 

Thanks for the reply. Actually i want to improve my dashboard performance. So i try to convert as report. But as you said its static. So if i use summary index or data model we can pass token ?any sample data model .And both will consume license right?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-28-2024 03:37 AM

Hi @karthi2809,

Yes, you can pass a token to a search based on DataModels or Summary Indexes.

Both of them don't consume license.

Ciao.

Giuseppe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...