How to add option "Select All" in a drilldown?

Julia1231 · ‎09-30-2022

Hi,

I add a drildown in a Dashboard.

By this piece of code, I have a list of equipement in the drilldown

|inputlookup lookup.csv |stats count by id
|fields id

Is it possible to add an option "All" like the filter in the Excel?

If yes, how can I do it please?

If no, is there any idea that I can do? Basically I want to choose 1 single equipement or all equipement.

Thanks,

Julia

gcusello · ‎09-30-2022

Hi @Julia1231,

yes, it's possible: you have to add a static option, adding All as label and * as value.

Then, if you like, you can set this value as default for your dropdown.

Something like this:

    <input type="dropdown" token="Status">
      <label>idopen_cases</label>
      <choice value="*">All</choice>
      <prefix>idopen_cases="</prefix>
      <suffix>"</suffix>
      <fieldForLabel>idopen_cases</fieldForLabel>
      <fieldForValue>idopen_cases</fieldForValue>
      <search>
        <query>
          | inputlookup lookup.csv
          | dedup idopen_cases
          | sort idopen_cases
          | table idopen_cases
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <default>*</default>
    </input>

Ciao.

Giuseppe

Julia1231 · ‎09-30-2022

Hi @gcusello

I follow your instruction and have this error:

Do you have any idea please?

gcusello · ‎09-30-2022

Hi @Julia1231,

Please share your search and your code.

Ciao.

Giuseppe

Julia1231 · ‎10-04-2022

Hi @gcusello

Here my script where group1 is the token of the drilldown:

|dbxquery connection="server" query="
SELECT id, time as time_receive, count(*) as count
FROM table
WHERE time < NOW()
GROUP BY id, time_receive "
|lookup lookup.csv numero OUTPUT type
|where type = $group1$
|eval _time=strptime(time_receive,"%Y-%m-%dT%H:%M:%S.%N")
|timechart span=1h count by type

gcusello · ‎10-04-2022

Hi @Julia1231,

try using search instead where, and if $group1$ can have a space or a special char inside, use quotes:

| dbxquery connection="server" query="
   SELECT id, time as time_receive, count(*) as count
   FROM table
   WHERE time < NOW()
   GROUP BY id, time_receive "
| lookup lookup.csv numero OUTPUT type
| search type="$group1$"
| eval _time=strptime(time_receive,"%Y-%m-%dT%H:%M:%S.%N")
| timechart span=1h count by type

Anyway, dbxquery is a command to test a connection, it has very low performaces!

Usually DB Connect is used to load data from a DB in a table or a lookup, but not for on line searches, you have a very high respose time!

Ciao.

Giuseppe

How to add option "Select All" in a drilldown?

drilldown

token

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!