Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to launch an action from dashboard

dreadangel
Path Finder
‎04-26-2019 06:53 AM

My splunk contains an index_main which collects events with next (simplified) format

id, status, description

A dashboard contains a dropdown, which loads via dedup status, and a table which loads the events filtered by dropdown's selected value.
The goal is, via dashboard, to copy the events from index_main to other indexes based on dropdown's value - as status fields admits (Info, Error, Critical) values, then data should be copied to index_info, index_error and index_critical indexes (indexes already exists) - I plan to use collect but I see no solution how to launch the script.

Any thoughts upon this kind of integration? Or I miss something?

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dreadangel
Path Finder
‎04-30-2019 12:14 AM

Actually, I found my answer here (https://answers.splunk.com/answers/600664/dashboard-button-to-run-spl-on-click.html). Thank you all for your assistance.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

dreadangel
Path Finder
‎04-30-2019 12:14 AM

Actually, I found my answer here (https://answers.splunk.com/answers/600664/dashboard-button-to-run-spl-on-click.html). Thank you all for your assistance.

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎04-26-2019 06:02 PM

The collect command is not part of a script, it is SPL, so it is trivial. Just have a panel with something like this:

index="index_main" AND status=$dropdown_token$ | dedup status | addinfo | collect index=index_$dropdown_token$
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎04-26-2019 08:07 AM

what is the problem you are trying to solve?
seems like with your method every click / interaction with the dashboard should send results to summary index, is that what you are trying to achieve?

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...