I'm creating a dashboard to help less technical operators evaluate the contents of our indexes so that we can restructure the roles and data access.
This is the source as it stands today (the search will be replaced by a report performing the same search once a day):
<form>
  <label>Index Investigation Dashboard</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="index_name" searchWhenChanged="false">
      <label>Index</label>
      <search>
        <query>index=* OR index=_* | stats values(index) AS indexname | eval label=indexname | table indexname, label</query>
        <earliest>-15m</earliest>
        <latest>now</latest>
      </search>
      <fieldForLabel>label</fieldForLabel>
      <fieldForValue>indexname</fieldForValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>Hosts and Sources</title>
        <search>
          <query>index="$index_name$" | eval host_and_source=(host . " | " . source) | stats values(host_and_source) AS "Hosts and Sources"</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>
What is absolutely driving me crazy right now is that the drop-down is a comma-separated string of all of the indexes. I'm not getting discrete values to select, I'm getting a great big string of garbage. WHY?!?