
question about labels

ringbbg
Engager

Hi.

With the code below, I am able to pull out data from our company's network and categorize them by region, as well as drilling down to a specific host. My only problem is, when I select for example "APAC" in the first dropdown (token:region), the second dropdown with token $hostname$ displays the whole value of APAC as set in the condition,

      <set token="hostname">toyosu* OR daikan* OR hongkong* OR singapore* OR sydney* OR taipei* OR seoul* OR tokyo* OR osaka* OR manila* OR beijing* OR tsuenwan* OR shenzhen* OR shanghai* OR jakarta* OR kualalumpur* OR mumbai* OR bangkok* OR wellington* OR melbourne* OR canberra*</set>

So, the dropdown menu using token hostname will display "toyosu* OR ~ ...".

Is there a way for me to set to display a custom label rather than the value of the whole token? Like if I select "APAC" in the first dropdown, the second dropdown will display the token value, but will display as "ALL".

index=nm "CFM defect" syslog_message!="CFM defect: none*" host=$host_name$
TEST

<input type="time" token="_time" searchWhenChanged="true">
  <label>Time range</label>
  <default>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </default>
</input>
<input type="dropdown" token="region" searchWhenChanged="true">

  <label>Select Region</label>
  <choice value="*">All</choice>
  <choice value="toyosu* OR daikan* OR hongkong* OR singapore* OR sydney* OR taipei* OR seoul* OR tokyo* OR osaka* OR manila* OR beijing* OR tsuenwan* OR shenzhen* OR shanghai* OR jakarta* OR kualalumpur* OR mumbai* OR bangkok* OR wellington* OR melbourne* OR canberra*">APAC</choice>
  <choice value="metro* OR morristown* OR njr* OR njr1* OR ny* OR orange* OR secaucus* OR skillman* OR telx* OR weehawken* OR west* OR wilmington* OR ashburn* OR atlanta* OR boston* OR columbus* OR calgary* OR dcb* OR markham* OR miami* OR montreal* OR ottawa* OR southfield* OR toronto* OR vanc* OR washington* OR chicago* OR dallas* OR houston* OR kansas* OR losan* OR sanfran* OR seattle* OR bermuda* OR bogota* OR brasilia* OR buenos* OR caracas* OR lima* OR  mexico* OR monte* OR rio* OR santiago* OR saop*">AMER</choice>
  <choice value="abud* OR bahr* OR bucking* OR cairo* OR canning* OR capetown* OR citygate* OR dockland* OR dubai* OR dublin* OR guernsey* OR jersey-u* OR johannesburg* OR kuwait* OR lagos* OR qatar* OR riyadh* OR slough* OR telaviv* OR uae* OR zurich* OR amsterdam* OR athens* OR barcelona* OR brussels* OR budapest* OR copenhagen* OR dusseldorf* OR frankfurt* OR friesstrasse* OR geneva* OR hamburg* OR helsinki* OR istanbul* OR lisbon* OR luxembourg* OR madrid* OR milan* OR monaco* OR moscow* OR munich* OR oslo* OR paris* OR prague* OR rome* OR stockholm* OR stuttgart* OR vienna* OR warsaw* OR zurich*">EMEA</choice>
  <default>*</default>

  <!-- <condition> elements are only valid inside the input's <change> handler -->
  <change>
    <condition label="*">
      <set token="hostname">*</set>
      <set token="hostname2">*</set>
    </condition>
    <condition label="APAC">
      <set token="hostname">toyosu* OR daikan* OR hongkong* OR singapore* OR sydney* OR taipei* OR seoul* OR tokyo* OR osaka* OR manila* OR beijing* OR tsuenwan* OR shenzhen* OR shanghai* OR jakarta* OR kualalumpur* OR mumbai* OR bangkok* OR wellington* OR melbourne* OR canberra*</set>
      <set token="hostname2">toyosu* OR daikan* OR hongkong* OR singapore* OR sydney* OR taipei* OR seoul* OR tokyo* OR osaka* OR manila* OR beijing* OR tsuenwan* OR shenzhen* OR shanghai* OR jakarta* OR kualalumpur* OR mumbai* OR bangkok* OR wellington* OR melbourne* OR canberra*</set>
    </condition>
    <condition label="EMEA">
      <set token="hostname">abud* OR bahr* OR bucking* OR cairo* OR canning* OR capetown* OR citygate* OR dockland* OR dubai* OR dublin* OR guernsey* OR jersey-u* OR johannesburg* OR kuwait* OR lagos* OR qatar* OR riyadh* OR slough* OR telaviv* OR uae* OR zurich* OR amsterdam* OR athens* OR barcelona* OR brussels* OR budapest* OR copenhagen* OR dusseldorf* OR frankfurt* OR friesstrasse* OR geneva* OR hamburg* OR helsinki* OR istanbul* OR lisbon* OR luxembourg* OR madrid* OR milan* OR monaco* OR moscow* OR munich* OR oslo* OR paris* OR prague* OR rome* OR stockholm* OR stuttgart* OR vienna* OR warsaw* OR zurich*</set>
      <set token="hostname2">abud* OR bahr* OR bucking* OR cairo* OR canning* OR capetown* OR citygate* OR dockland* OR dubai* OR dublin* OR guernsey* OR jersey-u* OR johannesburg* OR kuwait* OR lagos* OR qatar* OR riyadh* OR slough* OR telaviv* OR uae* OR zurich* OR amsterdam* OR athens* OR barcelona* OR brussels* OR budapest* OR copenhagen* OR dusseldorf* OR frankfurt* OR friesstrasse* OR geneva* OR hamburg* OR helsinki* OR istanbul* OR lisbon* OR luxembourg* OR madrid* OR milan* OR monaco* OR moscow* OR munich* OR oslo* OR paris* OR prague* OR rome* OR stockholm* OR stuttgart* OR vienna* OR warsaw* OR zurich*</set>
    </condition>
    <condition label="AMER">
      <set token="hostname">metro* OR morristown* OR njr* OR njr1* OR ny* OR orange* OR secaucus* OR skillman* OR telx* OR weehawken* OR west* OR wilmington* OR ashburn* OR atlanta* OR boston* OR columbus* OR calgary* OR dcb* OR markham* OR miami* OR montreal* OR ottawa* OR southfield* OR toronto* OR vanc* OR washington* OR chicago* OR dallas* OR houston* OR kansas* OR losan* OR sanfran* OR seattle* OR bermuda* OR bogota* OR brasilia* OR buenos* OR caracas* OR lima* OR  mexico* OR monte* OR rio* OR santiago* OR saop*</set>
      <set token="hostname2">metro* OR morristown* OR njr* OR njr1* OR ny* OR orange* OR secaucus* OR skillman* OR telx* OR weehawken* OR west* OR wilmington* OR ashburn* OR atlanta* OR boston* OR columbus* OR calgary* OR dcb* OR markham* OR miami* OR montreal* OR ottawa* OR southfield* OR toronto* OR vanc* OR washington* OR chicago* OR dallas* OR houston* OR kansas* OR losan* OR sanfran* OR seattle* OR bermuda* OR bogota* OR brasilia* OR buenos* OR caracas* OR lima* OR  mexico* OR monte* OR rio* OR santiago* OR saop*</set>
    </condition>
  </change>

</input>
<input type="dropdown" token="hostname" searchWhenChanged="true">
  <label>Select Host for CFM</label>
  <search>
    <query>index=nm "CFM defect" syslog_message!="CFM defect: none*" host=$region$ | top host</query>
    <earliest>$_time.earliest$</earliest>
    <latest>$_time.latest$</latest>
  </search>
  <fieldForLabel>host</fieldForLabel>
  <fieldForValue>host</fieldForValue>
  <default>$region$</default>
</input>

<input type="dropdown" token="hostname2" searchWhenChanged="true">
  <label>Select Host for OSPF</label>
  <search>
    <query>index=nm "RPD_OSPF_NBR*" syslog_message!="*ExStart due to*" host=$region$ | top host</query>
    <earliest>$_time.earliest$</earliest>
    <latest>$_time.latest$</latest>
  </search>
  <fieldForLabel>host</fieldForLabel>
  <fieldForValue>host</fieldForValue>
  <default>$region$</default>
</input>
0 Karma
1 Solution

nickhills
Ultra Champion

Why not use tags?

We do something similar in our environment:
We assign tags based on the hostname parts of servers, so PROD-eu1-webserver-01 gets broken into

tag=PROD
tag=eu1
tag=webserver

We now build our panels with three token drop downs for Environment, Location, Service, each with an ALL (*) option too.
You can either specify your tags in the form (if they don't change often) or load them from a populating search.
If you decide on the latter consider building a scheduled search to populate a lookup table with your various tag names, and then load the lookup when your form loads.

If my comment helps, please give it a thumbs up!

woodcock
Esteemed Legend

Yes, this screams for tags ( tag=APAC, etc.)

0 Karma

ringbbg
Engager

Thanks for the reply. If I want to specify the tags in the form, what would the syntax be? I keep getting an error if I use .

0 Karma

woodcock
Esteemed Legend

You create the tag definitions outside of the dashboard and then have a list of tags and then use tag=$tag_token$ in your dashboard search strings.

0 Karma
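
A sketch of the tag approach suggested in the replies above, added here as an example and not code from any poster. It assumes each host carries a region tag (APAC, AMER or EMEA) defined in tags.conf; the hostname in the comment and the form label are constructed.

```xml
<!-- tags.conf, maintained outside the dashboard, one stanza per host (constructed hostname):
     [host=tokyo-rtr-01]
     APAC = enabled
-->
<form>
  <label>CFM defects by region (example)</label>
  <fieldset submitButton="false">
    <input type="time" token="_time" searchWhenChanged="true">
      <label>Time range</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <!-- region now holds a short tag name instead of a long OR list -->
    <input type="dropdown" token="region" searchWhenChanged="true">
      <label>Select Region</label>
      <choice value="*">All</choice>
      <choice value="APAC">APAC</choice>
      <choice value="AMER">AMER</choice>
      <choice value="EMEA">EMEA</choice>
      <default>*</default>
    </input>
    <!-- static choice: label ALL, value *; the tag does the region filtering -->
    <input type="dropdown" token="hostname" searchWhenChanged="true">
      <label>Select Host for CFM</label>
      <choice value="*">ALL</choice>
      <search>
        <query>index=nm "CFM defect" syslog_message!="CFM defect: none*" tag=$region$ | top host</query>
        <earliest>$_time.earliest$</earliest>
        <latest>$_time.latest$</latest>
      </search>
      <fieldForLabel>host</fieldForLabel>
      <fieldForValue>host</fieldForValue>
      <default>*</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=nm "CFM defect" syslog_message!="CFM defect: none*" tag=$region$ host=$hostname$</query>
          <earliest>$_time.earliest$</earliest>
          <latest>$_time.latest$</latest>
        </search>
      </table>
    </panel>
  </row>
</form>
```

With All selected, `tag=*` matches only events that carry at least one tag, so untagged hosts drop out of the All view unless every host has a region tag.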