Dashboards & Visualizations

How to create a dashboard with a drop-down populated with extracted field headers from a CSV file?

cdstealer
Contributor

Hi,

I have imported a CSV file which has auto extracted the column heading and values 🙂 The task I have now is to create a dashboard where the user can select the time period (done) and then select the the field header they are interested in. Is this possible and how do I get the extracted headers into the drop-down?

Cheers

1 Solution

somesoni2
SplunkTrust
SplunkTrust

You just want the CSV header names (e.g. field1, field2) into the dropdown? If yes try below query:

<form>
   <fieldset>
     <input type="time" token="field1">
       <label></label>
       <default>
         <earliest>0</earliest>
         <latest></latest>
       </default>
     </input>
     <input type="dropdown">
       <search>
         <query>index=storage_csv sourcetype=storage_csv | head 1 | transpose | fields column | search column=CLASS* </query>
           <earliest>$field1.earliest$</earliest>
           <latest>$field1.latest$</latest>
       </search>
<fieldForLabel>column</fieldForLabel>
   <fieldForValue>column</fieldForValue>
     </input>
   </fieldset>
 </form>

View solution in original post

somesoni2
SplunkTrust
SplunkTrust

You just want the CSV header names (e.g. field1, field2) into the dropdown? If yes try below query:

<form>
   <fieldset>
     <input type="time" token="field1">
       <label></label>
       <default>
         <earliest>0</earliest>
         <latest></latest>
       </default>
     </input>
     <input type="dropdown">
       <search>
         <query>index=storage_csv sourcetype=storage_csv | head 1 | transpose | fields column | search column=CLASS* </query>
           <earliest>$field1.earliest$</earliest>
           <latest>$field1.latest$</latest>
       </search>
<fieldForLabel>column</fieldForLabel>
   <fieldForValue>column</fieldForValue>
     </input>
   </fieldset>
 </form>

cdstealer
Contributor

somesoni2.. you sir, are a life saver! Thank you very very much 🙂

muebel
SplunkTrust
SplunkTrust

Seems like you will want to setup a Form with with dropdown fieldset:

<form>
  <fieldset>
    <input type="dropdown">
      <search>
        <query>source=csv | fields field1,field2</query>
      </search>
    </input>
  </fieldset>
</form>

Something like this will populate a dropdown with the results from the search you specify.

0 Karma

cdstealer
Contributor

Hi Muebel,
Thanks for the reply.. unfortunately I've already done that (kind of).. Specifying individual fields is not realistic due to the amount of them. The query I used is index=storage_csv sourcetype=storage_csv | fields "CLASS*" but it complains of "duplicate labels" of which there are none. This is a very basic XML that I've used:

<form>
  <fieldset>
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
    </input>
    <input type="dropdown">
      <search>
        <query>index=storage_csv sourcetype=storage_csv | fields "CLASS*"</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
      </search>
    </input>
  </fieldset>
</form>

Running the query manually returns the fields as expected.

0 Karma

saura1312
Engager

Where do i keep this XMLs? please explain in detail

0 Karma

muebel
SplunkTrust
SplunkTrust

Ah, I left a bit out. You will need to add a couple more elements to the dropdown input:

  <fieldForLabel>CLASS</fieldForLabel>
  <fieldForValue>CLASS</fieldForValue>
0 Karma

cdstealer
Contributor

Hi Muebel,
Thanks again.. unfortunately I still get the "Duplicate labels" error. I ran the query index=storage_csv sourcetype=storage_csv | transpose | rename column as class | sort -class to ensure there were no duplicates being returned. Which of course there aren't. I am utterly stuck on this one 😞

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...