Parameter passing in Splunk URL for application or...

ReanaKhan · ‎01-22-2012

Hi,

i am looking for being able to pass on Filter in URL of splunk for any laucher page, which will be used to filter what is being displayed.

Like it can be used to display the log details of only certain Application logs or logs on a particular server.

Does Anybody have an idea about the same.

Regards,
Rehana

RehanaKhan · ‎03-16-2012

Hi Any answer for above scenario.
BAsically looking to be able to pass two value against one param in view.
How is it accomplished?

gaurav_a · ‎03-15-2012

Hi.
In above working example, we are passing one host parameter like host="xxx.corp.com".it is working fine.
How to pass two or more host parameter in URL and how search will be happen using URLloader?
In splunk, we can search two host parameter by passing host="xxx.corp.com" OR host="yyy.corp.com" but how we can search this type of scenario using URLloader?

Thanks.

imrago · ‎01-25-2012

Search module should be used instead of HiddenSearch, a working example :

<view template="dashboard.html">
  <label>Index activity overview</label>
  <module name="AccountBar" layoutPanel="appHeader"/>
  <module name="AppBar" layoutPanel="navigationHeader"/>
  <module name="SideviewUtils" layoutPanel="panel_row1_col1"/>
  <module name="URLLoader" layoutPanel="panel_row1_col1">
    <module name="Search" layoutpanel="panel_row1_col1" autoRun="True">
     <param name="search">index=_internal host="$host$" source=*web_access.log*         /app/  | search user=* | timechart count by user</param>
     <param name="earliest">-24h</param> 
     <module name="JobProgressIndicator"/>
     <module name="HiddenChartFormatter">
       <param name="chartTitle">Events by host</param>
       <module name="FlashChart" />
     </module>
   </module>
  </module>
</view>

ReanaKhan · ‎01-25-2012

Hi

I have changed the dashboard_live XML like this

and using the url lke this

http://summer1:8031/en-US/app/search/dashboard_live?host=summer2

and even with this

http://summer1:8031/en-US/app/search/dashboard_live?host="summer2"

the page keeps showing status as loading and nothings gets loaded.

However if i use the same "| metadata type=sources | search "$host$" totalCount>0 | rename totalCount as Count recentTime as "Last Update" | table source Count "Last Update" | fieldformat Count=tostring(Count, "commas") | fieldformat "Last Update"=strftime('Last Update', "%m/%d/%Y %T") by replacing the $host$ with summer2 fetchers me the results.

Whats wrong?

Thanks in Advance,
Rehana

ReanaKhan · ‎01-23-2012

I am looking into being able to add up a parameter from Apache to Splunk URL and Splunk being able to working with that URL filter.

This Side ViewUtils however seems to be working on click of button and stuff..

imrago · ‎01-23-2012

Splunk.Module.URLLoader extends Splunk.Module

This module will look at the page URL and for every querystring argument foo=bar, it will create a key in the context object with name 'foo' and value 'bar'

With the help of this you could use the passed on parameter in your search queries to filter out results.

imrago · ‎01-22-2012

The following two modules could be useful for something like that in the SideView_Utils app:

Redirector

URLLoader

http://splunk-base.splunk.com/apps/36405/sideview-utils

Parameter passing in Splunk URL for application or Server

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life