Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Calling multiple Search Templates in a form

alenseb
Communicator
‎11-27-2012 08:55 PM

Hi All,

I am trying to call to 2 search template in the same form and then display them with different charts.
However, I found the charts in lower part can't show anything unless if remove the first search Template the corresponding charts.
Is this possible to do?

Please suggest.

Thanks!!

This is the code:

<form>
  <label>Simple select drop down</label>
  <!-- define master search template, with replacement tokens delimited with $ -->
  <searchName>abc</searchName>
  <searchTemplate>sourcetype="search1"</searchTemplate>
  <earliestTime>-300d</earliestTime>
  <latestTime>-0d</latestTime>
  <searchTemplate>"search2"</searchTemplate>
  <earliestTime>-300d</earliestTime>
  <latestTime>-0d</latestTime>
  <fieldset>
    <!-- Define a simple dropdown form driven by a search -->
    <input type="dropdown" token="UserName">
      <label>Select user</label>
      <populatingSearch fieldForValue="UserName" fieldForLabel="UserName"><![CDATA[|savedsearch Details|top UserName]]></populatingSearch>
      <choice value="%">All</choice>
    </input>
  </fieldset>
  <row>
    <chart>
      <title>TimeChart</title>
      <option name="charting.chart">pie</option>
    </chart>
    <chart>
      <title>TimeChart</title>
      <option name="charting.chart">bar</option>
    </chart>
  </row>
</form>
Reply
1 Solution
Solved! Jump to solution
Solution

jonuwz
Influencer
‎11-28-2012 03:32 AM

Move the searches inside the charts.

i.e.

<chart>
  <searchTemplate>sourcetype="search1"</searchTemplate>
  <earliestTime>-300d</earliestTime>
  <latestTime>-0d</latestTime>
  <title>TimeChart</title>
  <option name="charting.chart">pie</option>
</chart>

If you have 2 search templates at the same level, one will clobber the other.

If you view the advanced xml (add ?showsource=t to the end of your views URL) you'll see what the simple XML gets converted to.

Whole sections of your forms xml mysteriously disappear.

Here's a working example :

<form>
  <label>Dashboard to convert to Form Search</label>
  <fieldset>
    <input type="text" token="series">
      <label>sourcetype</label>
      <default/>
      <seed>splunkd</seed>
      <suffix>*</suffix>
    </input>
  </fieldset>
  <row>
    <chart>
      <searchTemplate>index=_internal source=*metrics.log group="per_sourcetype_thruput" series=$series$ | timechart avg(eps) </searchTemplate>
      <earliestTime>-1w</earliestTime>
      <latestTime>-1d</latestTime>
      <option name="charting.chart">line</option>
    </chart>
    <chart>
      <searchTemplate>index=_internal source=*metrics.log group="per_sourcetype_thruput" series=$series$ | timechart avg(kbps) </searchTemplate>
      <earliestTime>-1d</earliestTime>
      <latestTime>now</latestTime>
      <option name="charting.chart">column</option>
    </chart>
  </row>
</form>

View solution in original post

Reply
Solved! Jump to solution
Solution

jonuwz
Influencer
‎11-28-2012 03:32 AM

Move the searches inside the charts.

i.e.

<chart>
  <searchTemplate>sourcetype="search1"</searchTemplate>
  <earliestTime>-300d</earliestTime>
  <latestTime>-0d</latestTime>
  <title>TimeChart</title>
  <option name="charting.chart">pie</option>
</chart>

If you have 2 search templates at the same level, one will clobber the other.

If you view the advanced xml (add ?showsource=t to the end of your views URL) you'll see what the simple XML gets converted to.

Whole sections of your forms xml mysteriously disappear.

Here's a working example :

<form>
  <label>Dashboard to convert to Form Search</label>
  <fieldset>
    <input type="text" token="series">
      <label>sourcetype</label>
      <default/>
      <seed>splunkd</seed>
      <suffix>*</suffix>
    </input>
  </fieldset>
  <row>
    <chart>
      <searchTemplate>index=_internal source=*metrics.log group="per_sourcetype_thruput" series=$series$ | timechart avg(eps) </searchTemplate>
      <earliestTime>-1w</earliestTime>
      <latestTime>-1d</latestTime>
      <option name="charting.chart">line</option>
    </chart>
    <chart>
      <searchTemplate>index=_internal source=*metrics.log group="per_sourcetype_thruput" series=$series$ | timechart avg(kbps) </searchTemplate>
      <earliestTime>-1d</earliestTime>
      <latestTime>now</latestTime>
      <option name="charting.chart">column</option>
    </chart>
  </row>
</form>
Reply
Solved! Jump to solution

hartfoml
Motivator
‎10-27-2015 05:44 AM

thanks @jonuwz this helps with my problem as well.

What if you want to use one search for several rows and another search for a few more rows.

Using your example at what level above the row would you put the template and still allow to run separately and only once each time the dashboard is refreshed?

0 Karma
Reply
Solved! Jump to solution

0range
Communicator
‎03-27-2014 02:18 AM

How do the separate searchtemplate work in this example? Is there any performance profit? I do not understand

0 Karma
Reply
Solved! Jump to solution

0range
Communicator
‎03-20-2014 02:29 AM

Is it the same to separate searches in every chart?

0 Karma
Reply
Solved! Jump to solution

alenseb
Communicator
‎11-28-2012 09:57 PM

Thanks!
That worked! 🙂

0 Karma
Reply
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>

Get Updates on the Splunk Community!