Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get Server name based dashboard

digitalrg
New Member
‎08-01-2014 02:35 AM

Hello,

I am forwarding a log file with some data in it and using below search string:
sourcetype=dhap source="/var/log/dhap-log" "WAIT"
Once I run this search, under Hosts field I get 2 entries for the servers from where i am getting the results. I want to save this search to a Dashboard panel where it should give me a drop-down menu for the entries from the "host" field.

Please help me on this.

Thanks,
Raghav

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎08-01-2014 07:16 AM

Give this a try. (simple xml form with host dropdown)

<form>
  <label>Dynamic Host</label>
  <fieldset autoRun="true" >
      <input type="time" />
    <input type="dropdown" token="sourcetype">
      <label>Host</label>
      <choice value="*">All</choice>
      <default>*</default>
      <populatingSearch fieldForValue="host" fieldForLabel="host">
        <![CDATA[| metasearch sourcetype=dhap source="/var/log/dhap-log" | stats count by host | table host ]]>
      </populatingSearch>
    </input>
  </fieldset>
  <row>
    <event>
      <title>Top 5 source</title>
      <searchString>sourcetype=dhap source="/var/log/dhap-log" "WAIT" host="$host$" </searchString>      
      <option name="count">10</option>
    </event>
  </row>
</form>

Answer no 2: with 2 dropdown source and sourcetype for base search index=main.

<form>
  <label>Dynamic Host</label>
  <fieldset autoRun="true" >
      <input type="time" />
    <input type="dropdown" token="sourcetype">
      <label>SourceType</label>
      <choice value="*">All</choice>
      <default>*</default>
      <populatingSearch fieldForValue="sourcetype" fieldForLabel="sourcetype">
        <![CDATA[| metasearch index=main | stats count by sourcetype ]]>
      </populatingSearch>
    </input>
<input type="dropdown" token="source">
      <label>Source</label>
      <choice value="*">All</choice>
      <default>*</default>
      <populatingSearch fieldForValue="source" fieldForLabel="source">
        <![CDATA[| metasearch index=main | stats count by source ]]>
      </populatingSearch>
    </input>
  </fieldset>
  <row>
    <event>
      <title>Top 5 source</title>
      <searchString>index=main sourcetype="$sourcetype$" source="$source$" | rest of your search </searchString>      
      <option name="count">10</option>
    </event>
  </row>
</form>

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎08-01-2014 07:16 AM

Give this a try. (simple xml form with host dropdown)

<form>
  <label>Dynamic Host</label>
  <fieldset autoRun="true" >
      <input type="time" />
    <input type="dropdown" token="sourcetype">
      <label>Host</label>
      <choice value="*">All</choice>
      <default>*</default>
      <populatingSearch fieldForValue="host" fieldForLabel="host">
        <![CDATA[| metasearch sourcetype=dhap source="/var/log/dhap-log" | stats count by host | table host ]]>
      </populatingSearch>
    </input>
  </fieldset>
  <row>
    <event>
      <title>Top 5 source</title>
      <searchString>sourcetype=dhap source="/var/log/dhap-log" "WAIT" host="$host$" </searchString>      
      <option name="count">10</option>
    </event>
  </row>
</form>

Answer no 2: with 2 dropdown source and sourcetype for base search index=main.

<form>
  <label>Dynamic Host</label>
  <fieldset autoRun="true" >
      <input type="time" />
    <input type="dropdown" token="sourcetype">
      <label>SourceType</label>
      <choice value="*">All</choice>
      <default>*</default>
      <populatingSearch fieldForValue="sourcetype" fieldForLabel="sourcetype">
        <![CDATA[| metasearch index=main | stats count by sourcetype ]]>
      </populatingSearch>
    </input>
<input type="dropdown" token="source">
      <label>Source</label>
      <choice value="*">All</choice>
      <default>*</default>
      <populatingSearch fieldForValue="source" fieldForLabel="source">
        <![CDATA[| metasearch index=main | stats count by source ]]>
      </populatingSearch>
    </input>
  </fieldset>
  <row>
    <event>
      <title>Top 5 source</title>
      <searchString>index=main sourcetype="$sourcetype$" source="$source$" | rest of your search </searchString>      
      <option name="count">10</option>
    </event>
  </row>
</form>
Reply
Solved! Jump to solution

digitalrg
New Member
‎08-11-2014 02:51 AM

Thanks Rahul Roy.
One more query I have.
Lets say I want to get a 2 dropdowns like "Source" and "Sourcetype" with the basic search as index=main
How do I do it?

0 Karma
Reply
Solved! Jump to solution

rahulroy_splunk
Path Finder
‎08-01-2014 12:58 PM

If you already have an existing dashboard(or rather form), you can copy the "" to

tag of that dashboard and copy "
...
" to section after
. I hope this is what you're asking.

Reply
Solved! Jump to solution

digitalrg
New Member
‎08-01-2014 08:50 AM

Thanks somesoni2.
This works well after changing token="host"
However can you please tell me if the same thing i want to have it only as a Dashboard panel how can i modify this?

Thanks in advance.

0 Karma
Reply
Solved! Jump to solution

tom_frotscher
Builder
‎08-01-2014 05:51 AM

What version of Splunk do you use?

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...