Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ドロップダウンから複数トークンを取得する方法

kessekiou
Engager
‎05-10-2021 03:43 AM

Subjectの通りなのですが、ドロップダウンから複数のトークンを取得する手段をご教示いただきたく。

実現したい内容としては、以下のようなテーブルにおいて、ドロップダウンでName「テスト1」を選択した際、IdValueをトークンとして利用したいというものです。

IdNameValue
A001テスト11000
A002テスト22000


それぞれ何に用いるかというと、Idは表示対象の絞り込みに、ValueはグラフのY軸の最大値に設定したく。

以下に必要になる箇所のコードをサンプル的に記載させていただきました。
Idを使っての絞り込みは実現出来ているため、

  1. Valueをトークンに設定する方法
  2. Y軸の最大値の設定方法が記載内容で実現できるか(<option name="charting.axisY.maximumNumber">$value$</option> の箇所)

をご教示いただけないでしょうか。

よろしくお願いいたします。

 

<form theme="light">
  <label>hogehoge</label>
  <fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="id">
      <label>hogehoge</label>
      <fieldForLabel>Name</fieldForLabel>
      <fieldForValue>Id</fieldForValue>
      <search>
        <query>index="list" 
                | table Id, Name, Value 
                | sort Id
        </query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>LineChart</title>
      <chart>
        <search>
          <query>

	~  省略  ~

          </query>
          <earliest>0</earliest>
          <latest></latest>
          <sampleRatio>1</sampleRatio>
        </search>

        <option name="charting.axisY.maximumNumber">$value$</option>

        ~  省略  ~

      </chart>
    </panel>
  </row>
</form>

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-10-2021 04:08 AM

 

@kessekiou 

この例がこれに役立つかもしれません。

May be this example will help you in this.

 

<form theme="light">
  <label>hogehoge</label>
  <fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="id">
      <label>hogehoge</label>
      <fieldForLabel>Name</fieldForLabel>
      <fieldForValue>sourcetype</fieldForValue>
      <search>
        <query>index=_internal | stats count by sourcetype | eval Name= "This is ".sourcetype</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <change>
        <set token="tkn_sourcetype">$row.sourcetype$</set>
        <set token="tkn_value">$row.Name$</set>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>LineChart</title>
      <chart>
        <search>
          <query>
            index=_internal sourcetype="$tkn_sourcetype$" | stats count by sourcetype          
            </query>
          <earliest>0</earliest>
          <latest></latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisTitleX.text">$tkn_value$</option>
      </chart>
    </panel>
  </row>
</form>

 

 

If this reply helps you, an upvote would be appreciated.

Thanks
Kamlesh Vaghela

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-10-2021 04:08 AM

 

@kessekiou 

この例がこれに役立つかもしれません。

May be this example will help you in this.

 

<form theme="light">
  <label>hogehoge</label>
  <fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="id">
      <label>hogehoge</label>
      <fieldForLabel>Name</fieldForLabel>
      <fieldForValue>sourcetype</fieldForValue>
      <search>
        <query>index=_internal | stats count by sourcetype | eval Name= "This is ".sourcetype</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <change>
        <set token="tkn_sourcetype">$row.sourcetype$</set>
        <set token="tkn_value">$row.Name$</set>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>LineChart</title>
      <chart>
        <search>
          <query>
            index=_internal sourcetype="$tkn_sourcetype$" | stats count by sourcetype          
            </query>
          <earliest>0</earliest>
          <latest></latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisTitleX.text">$tkn_value$</option>
      </chart>
    </panel>
  </row>
</form>

 

 

If this reply helps you, an upvote would be appreciated.

Thanks
Kamlesh Vaghela

0 Karma
Reply
Solved! Jump to solution

kessekiou
Engager
‎05-10-2021 06:05 AM

@kamlesh_vaghel

Thanks!

I was able to solve the problem with the code you showed me.

・・・

      <change>
        <set token="tkn_sourcetype">$row.sourcetype$</set>
        <set token="tkn_value">$row.Name$</set>
      </change>

・・・
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...