Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to dynamically send the token value to the search based on the multiple inputs?

sbollam
Explorer
‎09-03-2020 07:42 AM

Hello,

I have dashboard which contains three inputs and a single panel which one search.

input 1: It's a dropdown with following name and values:
a: 1
b: 2

input2: It's a dropdown with following name and values:
Jan: "earliest=01/01/2020 00:00:00" latest=01/01/2020 24:00:00"
Feb: "earliest=01/02/2020 00:00:00" latest=01/02/2020 24:00:00"

input3: it's time

when i choose input1 as 1, input2 should be shown and input3 needs to be hidden and whatever the value i choose from input2(month) need to be passed to the search.
when i choose input1 as 2, input3 should be shown and input2 needs to be hidden and whatever the value i choose from input3(time) need to be passed to the search.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

niketn
Legend
‎09-05-2020 12:09 PM

@sbollam please try the following run anywhere example. See if it fits your needs

<form>
  <label>Dynamically Send the Token</label>
  <init>
    <unset token="runSearch"></unset>
    <unset token="showInput2"></unset>
    <unset token="showInput3"></unset>
  </init>
  <fieldset submitButton="false">
    <input type="dropdown" token="input1" searchWhenChanged="true">
      <label>input1</label>
      <choice value="1">1</choice>
      <choice value="2">2</choice>
      <change>
        <condition value="1">
          <set token="showInput2">true</set>
          <unset token="showInput3"></unset>
          <unset token="runSearch"></unset>
          <unset token="form.input3"></unset>
        </condition>
        <condition value="2">
          <set token="showInput3">true</set>
          <unset token="showInput2"></unset>
          <unset token="runSearch"></unset>
          <unset token="form.input2"></unset>
        </condition>
      </change>
    </input>
    <input depends="$showInput2$" type="dropdown" token="input2" searchWhenChanged="true">
      <label>input2</label>
      <fieldForLabel>label</fieldForLabel>
      <fieldForValue>value</fieldForValue>
      <search depends="$showInput2$">
        <query>| makeresults count=12
| fields - _time
| streamstats count as sno
| eval prev=sno-1
| eval label=strftime(relative_time(now(),"@y+".prev."mon"),"%b")
| eval value="earliest=\"@y+".prev."mon\" latest=\"@y+".prev."mon+1d-1s\""</query>
        <earliest>-1s</earliest>
        <latest>now</latest>
      </search>
      <change>
        <condition match="isnotnull($value$)">
          <set token="runSearch">$value$</set>          
        </condition>
        <condition>
          <unset token="runSearch"></unset>
        </condition>
      </change>
    </input>
    <input depends="$showInput3$" type="dropdown" token="input3">
      <label>input3</label>
      <fieldForLabel>label</fieldForLabel>
      <fieldForValue>value</fieldForValue>
      <search depends="$showInput3$">
        <query>| makeresults
| fields - _time
| eval label="yesterday",value="earliest=-1d@d latest=-0d@d-1s"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <change>
        <condition match="isnotnull($value$)">
          <set token="runSearch">$value$</set>          
        </condition>
        <condition>
          <unset token="runSearch"></unset>
        </condition>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search depends="$runSearch$">
          <query>| makeresults 
| eval inputValue=$runSearch|s$</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...