Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set default value in query

geetanjali
Path Finder
‎06-02-2011 05:06 AM

Hello,

Thanks for your valuable time and help.

I have one view with host drop down and one time chart. I am writing a query according to host selected from drop down and showing graph accordingly.By default my page will remain blank. On "Search" button click, the graph will show.
My query is :

index="test" sourcetype="test_source" host=$host$ | timechart count(LastOccurrence) by Severity

On changing host value and clicking on search button, it will display graph.

But i want to display my graph on page load. With this query, on page load it will display "No result found". because $host$ is null.And want to set $host$ value as "Any".

I have tried : fillnull value=Any in my query. but it is not working.

Please help, if anybody knows the solution. How can i set default value to this $host$ variable.

Thanks in advance,

Geetanjali

Tags (1)
Reply

sideview
SplunkTrust
SplunkTrust
‎06-05-2011 12:11 PM

You need to give a default value to the host pulldown not to the search directly.

Since it sounds like the host is populated by a search, most likely you're using a SearchSelectLister module. SearchSelectLister does have a 'selected' param, but the first step is to give it an 'Any' option to select. For this you'll need to add the param 'staticFieldsToDisplay'. 

<param name="staticFieldsToDisplay">
  <list>
    <param name="label">Any</param>
    <param name="value">*</param>
  </list>
</param>

And actually you dont need to add the 'selected' param, because if there are any staticFieldsToDisplay, it will always default to the first one, even when 'selected' is unset.

Also, if you ever use SearchSelectLister's non-dynamic cousin, the StaticSelect module, it has these same 2 params.

You can always read about the params for any particular module by going to http://<your host and port>/modules

And generally the same content is written up in the docs here: http://www.splunk.com/base/Documentation/4.2.1/Developer/ModuleReference#SearchSelectLister

And I'm guessing that you are not using the Sideview Utils module 'Pulldown' because it will have the 'any' entry by default and you probably wouldnt have asked this question. However Pulldown handles both static and dynamic cases and you may find the Sideview system easier to use because you dont have to use "intentions". Download Sideview Utils and read embedded docs for more detail.

0 Karma
Reply

mw
Splunk Employee
Splunk Employee
‎06-02-2011 05:50 AM

In the fieldset statement for your view, you can add autoRun and default:

<fieldset autoRun="true" submitButton="false">
  <input token="sourcetype">
    <default>myhost</default>
  </input>
  <input type="time">
    <default>Last 30 days</default>
  </input>
</fieldset>

http://www.splunk.com/base/Documentation/latest/Developer/Step2CustomizeForm

0 Karma
Reply

mw
Splunk Employee
Splunk Employee
‎06-05-2011 09:19 AM

Check here: http://www.splunk.com/base/Documentation/latest/Developer/AdvancedFormSearch

0 Karma
Reply

geetanjali
Path Finder
‎06-02-2011 06:03 AM

what will be in advance XML?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...