Splunk Search

How to create "for cycle" routine to generate panels/rows from a search using Splunk XML?

verbal_666
Builder

Hi.
I would like to know if there is a simple way, via Splunk XML, to create a "for cycle" like routine, to generate panels or rows from a simple SPL search.

A simple example,

  1. I have a lookup my_hosts.csv with a list of hosts (host1 host2 host3)
  2. In a normal way, if I want to make one panel per each host, I need to enter XML code (or make via UI ok) and create every panel manually where, inside, I put my search (ex. search ... host=host1 "critical" | stats count) (x3)
  3. I would like to automatically generate those panels, from a simple |inputlookup my_hosts.csv,
    with one single for cycle way, something like this:

    for myhost in "| inputlookup my_hosts.csv"; do <---------------
    panel
    single
    title $myhost$ /title
    search
    search ... host=$myhost$ "critical" | stats count
    /search
    /single
    /panel
    done <---------------

Is there a way?
Thanks.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Simple XML has no looping constructs.

---
If this reply helps you, Karma would be appreciated.
0 Karma

verbal_666
Builder

Simple XML has no looping constructs.

Thanks.

0 Karma

niketn
Legend

@verbal_666 if you want to have dynamic single values for each host in the lookup, please try the Trellis Layout feature and confirm. Following is the Splunk Documentation

https://docs.splunk.com/Documentation/Splunk/latest/Viz/VisualizationTrellis

You will find several examples on Splunk Answers if you search for Trellis Single Value.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

verbal_666
Builder

I surely yet tried the trellis function. I'm not really sure i can apply, inside the trellis, a real layout format, like creating a real PANEL or ROW, since trellis create a single PANEL and formats it as a single search (with page layout with scrolling buttons "< >") splitting each search by a field in a single panel.

I really wanted to create a for cycle in XML, i think it's necessary to convert in html/js the dashboard and work inside it, as a real developer.

Thanks anyway.

0 Karma

niketn
Legend

@verbal_666 the one panel per host is table or any chart? Can you elaborate? If they are chart you can definitely try Trellis layout!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

verbal_666
Builder

I read you, before. Sorry, for no anwser, but trellis resolved partially my "issue". Read next.
Thanks anyway.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...