Splunk Search

Parameter passing in Splunk URL for application or Server

ReanaKhan
Explorer

Hi,

I am looking to be able to pass a filter in the URL of Splunk for any launcher page, which will be used to filter what is being displayed.

Like it can be used to display the log details of only certain application logs or logs on a particular server.

Does anybody have an idea about the same?

Regards,
Rehana

0 Karma

RehanaKhan
New Member

Hi, any answer for the above scenario?
Basically looking to be able to pass two values against one param in the view.
How is it accomplished?

0 Karma

gaurav_a
New Member

Hi.
In the above working example, we are passing one host parameter like host="xxx.corp.com". It is working fine.
How do we pass two or more host parameters in the URL, and how will the search happen using URLLoader?
In Splunk, we can search two host parameters by passing host="xxx.corp.com" OR host="yyy.corp.com", but how can we search this type of scenario using URLLoader?

Thanks.

0 Karma

imrago
Contributor

The Search module should be used instead of HiddenSearch. A working example:

<view template="dashboard.html">
  <label>Index activity overview</label>
  <module name="AccountBar" layoutPanel="appHeader"/>
  <module name="AppBar" layoutPanel="navigationHeader"/>
  <module name="SideviewUtils" layoutPanel="panel_row1_col1"/>
  <!-- URLLoader turns each querystring argument into a $token$ for the modules nested under it -->
  <module name="URLLoader" layoutPanel="panel_row1_col1">
    <module name="Search" layoutPanel="panel_row1_col1" autoRun="True">
      <!-- $host$ is replaced with the value of ?host=... from the page URL -->
      <param name="search">index=_internal host="$host$" source=*web_access.log* /app/ | search user=* | timechart count by user</param>
      <param name="earliest">-24h</param>
      <module name="JobProgressIndicator"/>
      <module name="HiddenChartFormatter">
        <param name="chartTitle">Events by host</param>
        <module name="FlashChart"/>
      </module>
    </module>
  </module>
</view>
0 Karma

ReanaKhan
Explorer

Hi

I have changed the dashboard_live XML like this


| metadata type=sources | search "$host$" totalCount>0 | rename totalCount as Count recentTime as "Last Update" | table source Count "Last Update" | fieldformat Count=tostring(Count, "commas") | fieldformat "Last Update"=strftime('Last Update', "%m/%d/%Y %T")
.....
...
....
...
...
....

and using the URL like this

http://summer1:8031/en-US/app/search/dashboard_live?host=summer2

and even with this

http://summer1:8031/en-US/app/search/dashboard_live?host="summer2"

The page keeps showing status as loading and nothing gets loaded.

However, if I use the same "| metadata type=sources | search "$host$" totalCount>0 | rename totalCount as Count recentTime as "Last Update" | table source Count "Last Update" | fieldformat Count=tostring(Count, "commas") | fieldformat "Last Update"=strftime('Last Update', "%m/%d/%Y %T")" by replacing the $host$ with summer2, it fetches me the results.

What's wrong?

Thanks in Advance,
Rehana

0 Karma

ReanaKhan
Explorer

I am looking into being able to add a parameter from Apache to the Splunk URL, and Splunk being able to work with that URL filter.

This Sideview Utils, however, seems to be working on click of a button and stuff.

0 Karma

imrago
Contributor

Splunk.Module.URLLoader extends Splunk.Module

This module will look at the page URL and for every querystring argument foo=bar, it will create a key in the context object with name 'foo' and value 'bar'

With the help of this you could use the passed on parameter in your search queries to filter out results.

0 Karma
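
The substitution described in the post above, as a stand-alone model in plain JavaScript (an added example, not part of the thread and not Sideview Utils or Splunk code). It goes beyond the single-host case by collecting repeated `host` arguments into one OR clause, and it rejects values that are not plain hostnames so that URL text cannot change the shape of the search. The `$hostClause$` token and all function names are assumptions made for the illustration.

```javascript
// Added example: models querystring-to-search substitution outside Splunk.
// HOST_RE, parseQuery, hostClause and buildSearch are hypothetical names.

// Letters, digits, dots and hyphens only: no quotes, spaces, pipes or wildcards.
const HOST_RE = /^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/;

// Collect every querystring argument; repeated keys become a list of values.
function parseQuery(pageUrl) {
  const args = new Map();
  for (const [key, value] of new URL(pageUrl).searchParams) {
    if (!args.has(key)) args.set(key, []);
    args.get(key).push(value);
  }
  return args;
}

// Turn validated host values into one SPL filter term.
function hostClause(values) {
  if (!values || values.length === 0) {
    throw new Error("no host argument in URL");
  }
  const terms = values.map((v) => {
    if (!HOST_RE.test(v)) {
      throw new Error("rejected host value: " + JSON.stringify(v));
    }
    return 'host="' + v + '"';
  });
  return terms.length === 1 ? terms[0] : "(" + terms.join(" OR ") + ")";
}

// Substitute the clause into a search template at the $hostClause$ token.
function buildSearch(template, pageUrl) {
  const clause = hostClause(parseQuery(pageUrl).get("host"));
  return template.split("$hostClause$").join(clause);
}

// Constructed sample input, based on the URLs quoted in the thread.
const TEMPLATE =
  "index=_internal $hostClause$ source=*web_access.log* | timechart count by user";
const BASE = "http://summer1:8031/en-US/app/search/dashboard_live";

console.log(buildSearch(TEMPLATE, BASE + "?host=summer2"));
console.log(buildSearch(TEMPLATE, BASE + "?host=xxx.corp.com&host=yyy.corp.com"));
try {
  buildSearch(TEMPLATE, BASE + '?host="summer2"'); // quoted form from the thread
} catch (e) {
  console.log(e.message);
}
```

The quoted URL form from the thread is rejected because the template already supplies the quotes around each value.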

imrago
Contributor

The following two modules could be useful for something like that in the SideView_Utils app:

Redirector

URLLoader

http://splunk-base.splunk.com/apps/36405/sideview-utils

0 Karma