Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Using text imput to complete a search string in a dashboard

cindygibbs_08
Communicator
‎06-01-2021 08:19 PM

Hello everyone I hope you guys are doing very well,

 

I am trying to create my very first dashboard and I have to run a code like this one:

 

index=rent_hotel AND "VOUCHER-56IX75"
| stats values(CLIENT) as ID by tx_uner_rep

 

this code will generate a table but... I want to create a dashboard that will allow me to perform this search by having a text input field where I can enter a string that will change the "VOUCHER-" portion for whatever string I submit lets say if I put "893YX" I want the code to run:

 

index=rent_hotel AND "VOUCHER-893YX"
| stats values(CLIENT) as ID by tx_uner_rep

 

  and I want my dashboard the generate results only after I click on the submit button... I have tried all day without any luck by the way I using the normal/clasic version  of dashboard.. I will really be so thankful if you guys can reference some links on how to achieve this thank you very much

Kindly,

Cindy

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎06-01-2021 08:30 PM

Here's an example dashboard

<form>
  <label>vouchers</label>
  <fieldset submitButton="true" autoRun="false">
    <input type="text" token="voucher_id">
      <label>VoucherId</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>
index=rent_hotel AND "VOUCHER-$voucher_id$"
| stats values(CLIENT) as ID by tx_uner_rep            
          </query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">100</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">row</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
    <panel>
      <html>
        <h1>Query being run</h1>
index=rent_hotel AND "VOUCHER-$voucher_id$"<br/>
| stats values(CLIENT) as ID by tx_uner_rep            
      </html>
    </panel>
  </row>
</form>

and token usage docs are here

https://docs.splunk.com/Documentation/Splunk/8.2.0/Viz/tokens

 

View solution in original post

Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎06-01-2021 08:34 PM

@cindygibbs_08 

Can you please try this?

<form>
  <label>Example</label>
  <fieldset submitButton="false" autoRun="false">
    <input type="text" token="tkn_input">
      <label>input</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=rent_hotel AND "VOUCHER-$tkn_input$"
| stats values(CLIENT) as ID by tx_uner_rep</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>

 

Please refer below links to get more on it.

https://docs.splunk.com/Documentation/Splunk/8.2.0/Viz/BuildandeditdashboardswithSimplifiedXML

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2104/Viz/CreateDashboards

https://www.splunk.com/pdfs/solution-guides/splunk-dashboards-quick-reference-guide.pdf

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

0 Karma
Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎06-01-2021 08:30 PM

Here's an example dashboard

<form>
  <label>vouchers</label>
  <fieldset submitButton="true" autoRun="false">
    <input type="text" token="voucher_id">
      <label>VoucherId</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>
index=rent_hotel AND "VOUCHER-$voucher_id$"
| stats values(CLIENT) as ID by tx_uner_rep            
          </query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">100</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">row</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
    <panel>
      <html>
        <h1>Query being run</h1>
index=rent_hotel AND "VOUCHER-$voucher_id$"<br/>
| stats values(CLIENT) as ID by tx_uner_rep            
      </html>
    </panel>
  </row>
</form>

and token usage docs are here

https://docs.splunk.com/Documentation/Splunk/8.2.0/Viz/tokens

 

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...