Parameter passing in Splunk URL for application or...

ReanaKhan · ‎01-22-2012

Hi,

i am looking for being able to pass on Filter in URL of splunk for any laucher page, which will be used to filter what is being displayed.

Like it can be used to display the log details of only certain Application logs or logs on a particular server.

Does Anybody have an idea about the same.

Regards,
Rehana

RehanaKhan · ‎03-16-2012

Hi Any answer for above scenario.
BAsically looking to be able to pass two value against one param in view.
How is it accomplished?

gaurav_a · ‎03-15-2012

Hi.
In above working example, we are passing one host parameter like host="xxx.corp.com".it is working fine.
How to pass two or more host parameter in URL and how search will be happen using URLloader?
In splunk, we can search two host parameter by passing host="xxx.corp.com" OR host="yyy.corp.com" but how we can search this type of scenario using URLloader?

Thanks.

imrago · ‎01-25-2012

Search module should be used instead of HiddenSearch, a working example :

<view template="dashboard.html">
  <label>Index activity overview</label>
  <module name="AccountBar" layoutPanel="appHeader"/>
  <module name="AppBar" layoutPanel="navigationHeader"/>
  <module name="SideviewUtils" layoutPanel="panel_row1_col1"/>
  <module name="URLLoader" layoutPanel="panel_row1_col1">
    <module name="Search" layoutpanel="panel_row1_col1" autoRun="True">
     <param name="search">index=_internal host="$host$" source=*web_access.log*         /app/  | search user=* | timechart count by user</param>
     <param name="earliest">-24h</param> 
     <module name="JobProgressIndicator"/>
     <module name="HiddenChartFormatter">
       <param name="chartTitle">Events by host</param>
       <module name="FlashChart" />
     </module>
   </module>
  </module>
</view>

ReanaKhan · ‎01-25-2012

Hi

I have changed the dashboard_live XML like this

and using the url lke this

http://summer1:8031/en-US/app/search/dashboard_live?host=summer2

and even with this

http://summer1:8031/en-US/app/search/dashboard_live?host="summer2"

the page keeps showing status as loading and nothings gets loaded.

However if i use the same "| metadata type=sources | search "$host$" totalCount>0 | rename totalCount as Count recentTime as "Last Update" | table source Count "Last Update" | fieldformat Count=tostring(Count, "commas") | fieldformat "Last Update"=strftime('Last Update', "%m/%d/%Y %T") by replacing the $host$ with summer2 fetchers me the results.

Whats wrong?

Thanks in Advance,
Rehana

ReanaKhan · ‎01-23-2012

I am looking into being able to add up a parameter from Apache to Splunk URL and Splunk being able to working with that URL filter.

This Side ViewUtils however seems to be working on click of button and stuff..

imrago · ‎01-23-2012

Splunk.Module.URLLoader extends Splunk.Module

This module will look at the page URL and for every querystring argument foo=bar, it will create a key in the context object with name 'foo' and value 'bar'

With the help of this you could use the passed on parameter in your search queries to filter out results.

imrago · ‎01-22-2012

The following two modules could be useful for something like that in the SideView_Utils app:

Redirector

URLLoader

http://splunk-base.splunk.com/apps/36405/sideview-utils

Parameter passing in Splunk URL for application or Server

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation