- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Can you help me create a dashboard with field depe...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you help me create a dashboard with field dependency and action state modifications?
I am attempting to create a dashboard that has a couple input fields with one being dependent on the other.
The independent field will be a drop down to select a value that will then set the time frame for a search to a specific set and disable the use of the other field. There will be a custom selection in the drop down menu that would then set a default value and enable the time input field for utilization. I would like to have the drop-down change the token values for the time picker field so that I have one reference point for time information in the search. I have been working with the drop-down condition items and have yet to create a working solution and I was wondering if someone might have some suggestions. Here is what I have thus far:
<input type="dropdown" token="shift_select" searchWhenChanged="true">
<label>Shift for Reporting</label>
<choice value="Shft1">Shift 1</choice>
<choice value="Shft2">Shift 2</choice>
<choice value="Shft3">Shift 3</choice>
<choice value="Custom">Custom</choice>
<change>
<condition value="Shft1">
<unset token="time_range"></unset>
<set token="time_range.earliest">-24h@h</set>
<set token="time_range.latest">now</set>
<set token="time_range.enabled">false</set>
</condition>
<condition value="Shft2">
<unset token="time_range"></unset>
<set token="time_range.earliest">-48h@h</set>
<set token="time_range.latest">now</set>
<set token="time_range.enabled">false</set>
</condition>
<condition value="Shft3">
<unset token="time_range"></unset>
<set token="time_range.earliest">-72h@h</set>
<set token="time_range.latest">now</set>
<set token="time_range.enabled">false</set>
</condition>
<condition value="Custom">
<unset token="time_range"></unset>
<set token="time_range.earliest">-12h@h</set>
<set token="time_range.latest">now</set>
<set token="time_range.enabled">false</set>
</condition>
</change>
</input
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am not very clear about the requirement, but what I understand is based on dropdown selection token will be set with earliest and latest time values.
In your search query in dashboard you can use-
<earliest>$time_range.earliest$</earliest>
<latest>$time_range.latest$</latest>
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
