I have a form on which I'd like to run different search templates depending on the user input. For this particular problem, I'm working with DB Connect pulling data from summary tables, but we may have similar needs with log data running through Splunk in a more traditional manner as well.
Ex 1: Radio button input so the user can specify whether to present the results in summary, monthly, or weekly breakdowns. In this case, the search pulls from different pre-summarized tables depending upon the level of granularity applied.
Ex 2: Optional text field that if the user enters a value, an extra filter is applied to the search with the value of the field. If blank, the filter is not applied.
Is there any way to select which search template to run based on the value of a token?
We're currently running Splunk 6.0 and planning to upgrade to 6.1 shortly.
Thanks for any ideas you can offer.
... View more