Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dealing with empty selections in complex forms

lassel
Communicator
‎06-03-2015 06:07 AM

I have the following (simplified) dynamic dashboard.
You can see the query beeing performed in html.

I want the sourcetype selection is optional on this dashboard. But as it is the $sourcetype$ token is not resolved until I make a selection in the sourcetype. Setting a default sourcetype to empty doesn't work, because that will make an invalid search and also because the empty selection stays when I select an index.

  • How can I make the search run, even if no selection is made to sourcetype?

  • How can I clear the (invalid) sourcetype selections, when I select an index?

    index=* | dedup index 0 index index true | search index= false * <query>$index$ | dedup sourcetype</query> 0 sourcetype sourcetype ( sourcetype=" " OR )
    @d now 
              $index$ $sourcetype$ $search$
    <query>$index$ $sourcetype$ $search$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest>
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

helge
Builder
‎01-21-2016 07:28 AM

You could use a token forwarder like this:

Don't use the sourcetype token in your search directly. Instead, build a new token with the help of a token forwarder. In the Javascript function that actually sets the new forwarded token's value you can easily provide a default value.

For possible alternatives also look at token change event handlers and token filters, documented on the same page as forwarders.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

helge
Builder
‎01-21-2016 07:28 AM

You could use a token forwarder like this:

Don't use the sourcetype token in your search directly. Instead, build a new token with the help of a token forwarder. In the Javascript function that actually sets the new forwarded token's value you can easily provide a default value.

For possible alternatives also look at token change event handlers and token filters, documented on the same page as forwarders.

0 Karma
Reply
Solved! Jump to solution

lassel
Communicator
‎01-21-2016 07:49 AM

Did you notice that I use simple XML?

But I need to convert my dashboard to html to do it?
It seems like a complex task for a simple goal..

0 Karma
Reply
Solved! Jump to solution

helge
Builder
‎01-21-2016 07:52 AM

You don't have to convert your dashboard to HTML, you only need to include a script like this:

<form script="myscript.js"

In that script you can then use the technique I described.

0 Karma
Reply
Solved! Jump to solution

lassel
Communicator
‎01-21-2016 07:55 AM

Oh! Great. I had no idea you could do that!

0 Karma
Reply
Solved! Jump to solution

lassel
Communicator
‎06-03-2015 06:15 AM

I would also really really like to know, how I can make the user experience of my dashboard, more like the full search page.

0 Karma
Reply
Solved! Jump to solution

lassel
Communicator
‎06-16-2015 06:50 AM

i'd still like an answer to this question ...

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...