I have a search like this:
source="C:\\Budapest Router1full.csv" host="SEZ00VVM-153" sourcetype="csv" date_wday!=saturday AND date_wday!=sunday| rex field=source "(?<country>.*?)$"| lookup datacentre.csv country OUTPUT start_hour end_hour receivebandwidth |where date_hour>=start_hour AND date_hour<= end_hour | eval Intraffic=IN/1048576 |timechart span=1d perc95(Intraffic) AS 95thPercentile ,values(receivebandwidth) as MaxIN-Bandwidth
source="C:\\Adelaida Full.csv" host="SEZ00VVM-153" sourcetype="csv" date_wday!=saturday AND date_wday!=sunday| rex field=source "(?<country>.*?)$"| lookup datacentre.csv country OUTPUT start_hour end_hour receivebandwidth |where date_hour>=start_hour AND date_hour<= end_hour | eval Intraffic=IN/1048576 |timechart span=1mon perc95(Intraffic) AS 95thPercentile ,values(receivebandwidth) as MaxIN-Bandwidth
I am extracting the Source as country name and saving it in the country field using rex. Now I want to create a drop-down with the country names, so whenever I select a country name, that search command should run. Can someone help me?
Also, how do I add a time range picker to this for each panel. For example, I want to run budaleda for last 7 days, whereas adelaide the last 3 months?
Please help me
This page in the documentation contains information about both creating drop-downs in a form, and on setting time inputs for each panel.
Form examples
However, you might find the Splunk 6.x Dashboard Examples app useful as well.