Solved: Re: A dynamic lister based on a static lister

ddarmand · ‎03-20-2013

Hello everybody,

I want to create a dashboard with two listers, the first will be a static lister with differents source i use on Splunk, the second will search every hosts on the selected host.

I tried this but it don't work :

aaaaaaa

Thanks for the help !

ddarmand · ‎03-21-2013

OK thanks to your apps i found the solution, here is the code :

Test de PuLLDOWN

Thanks you very much !!!

View solution in original post

ddarmand · ‎03-21-2013

OK thanks to your apps i found the solution, here is the code :

Test de PuLLDOWN

Thanks you very much !!!

sideview · ‎03-20-2013

Well, you're using an addterm intention, and possibly the addterm is tacking it's term on after the dedup and table, which would result in

index=main sourcetype=syslog source | dedup host | table host | search source="foo"

which obviously wouldn't work. I would use the firebug addon to Firefox, and watch in the NET tab what search actually gets POST'ed to splunkd.

Using core UI, the answer would be to use the thornier stringreplace intention. There are examples in the "UI examples" app and also in its replacement the "dashboard examples" app.

If you want to make life easier for yourself, you should switch to using Sideview Utils. The same view can be rewritten far more simply and you wont have to think about intentions ever again.

<view autocancelinterval="100" ispersistable="true" issticky="true" onunloadcanceljobs="false" template="search.html">
  <label>aaaaaaa</label>
  <module name="SideviewUtils" layoutPanel="appHeader" />
  <module name="Search" layoutpanel="mainSearchControls" autorun="True">
    <param name="search">index=main</param>
    <module name="Pulldown">
      <param name="name">source</param>
      <param name="label">Reseau :</param>
      <param name="template">$name$="$value$"</param>
      <param name="staticOptions">
        <list><param name="value">SPP</param></list>
        <list><param name="value">RTH</param></list>
        <list><param name="value">RMS</param></list>
        <list><param name="value">RMS2</param></list>
      </param>
      <module name="Search">
        <param name="search">index=main sourcetype=syslog $source$ | dedup host | table host</param>

        <module name="Pulldown">
          <param name="name">host</param>
          <param name="label">Host</param>
          <param name="valueField">$name$</param>

        </module>
      </module>
    </module>
  </module>
</view>

ddarmand · ‎03-22-2013

thanks you 😉 but i fixed it as you can see in my new code 🙂 but your answer is very usefull

sideview · ‎03-21-2013

Oops. I accidentally omitted the SideviewUtils module, which is required. Rookie mistake! I'll update my code. Glad you figured it out though.

ddarmand · ‎03-21-2013

I am trying to use sideview utils with your code but it doesn't work, there is only a loading green bar at the top of the dashboard 😕

ok i fixed it by using template="dashboard.html" instead of search.html but the host pulldown is stuck on "loading".

I try to use firebug but i dont know where can i see the request in the network windows

A dynamic lister based on a static lister

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024