Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to use a drop-down token to pick different searches to run and populate a chart panel?

yogas
New Member
‎07-27-2015 04:09 AM

I have a dashboard that is populated only by a drop-down input and a chart panel.

What I want to do is have several predefined searches stored somewhere, and then based on the token value I choose from the drop-down, choose the appropriate search and then populate that search into the chart panel.

If I can store two different searches inside variables, for example search01 and search02. these perform two very different searches...

And then for example, using the token $prod$ that I got from the drop-down, I do the following conditional:

if $prod$=1 then populate the chart panel with 

<searchString>search01</searchString>

elseif $prod$=2 then populate the chart panel with 

<searchString>search02</searchString>

any ideas would be much appreciated 🙂

cheers,
Yogas

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎07-27-2015 07:41 AM

This is how I would do the same thing:-

  1. Create a saved search for all the searches that you want to run. http://docs.splunk.com/Documentation/Splunk/6.2.4/Report/Createandeditreports
  2. In the dropdown input, provide the name of saved searches as value.

  3. Update your search for chart to use following (http://docs.splunk.com/Documentation/Splunk/6.2.4/SearchReference/Savedsearch)

    | savedsearch $tokenname$

This way whatever user selects from dropdown, that savedsearch name appears here and ran.

View solution in original post

Reply
Solved! Jump to solution

bmacias84
Champion
‎07-27-2015 02:30 PM

similar question has been answered. http://answers.splunk.com/answers/287850/am-i-able-to-use-tokens-for-a-report-selection-dro-1.html#a...

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎07-27-2015 07:41 AM

This is how I would do the same thing:-

  1. Create a saved search for all the searches that you want to run. http://docs.splunk.com/Documentation/Splunk/6.2.4/Report/Createandeditreports
  2. In the dropdown input, provide the name of saved searches as value.

  3. Update your search for chart to use following (http://docs.splunk.com/Documentation/Splunk/6.2.4/SearchReference/Savedsearch)

    | savedsearch $tokenname$

This way whatever user selects from dropdown, that savedsearch name appears here and ran.

Reply
Solved! Jump to solution

rey123
Path Finder
‎03-26-2019 03:29 PM

@somesoni2 , what if the saved search themselves took parameters? ie., the saved search output depended on the values of those parameters (among others), in the search. How could heen create such a search?

0 Karma
Reply
Solved! Jump to solution

yogas
New Member
‎07-27-2015 11:18 PM

Hi somesoni2,
thank you for the answer, this turns out to be quite simple and works great 🙂

0 Karma
Reply
Solved! Jump to solution

gfreitas
Builder
‎07-27-2015 07:24 AM

Hi Yogas,

I've done this once using search macros. I've created some searches eg: search01, search02 and search03 and when the user choose the dropdown the value of the dropdown is the search macro name and the dashboard just runs: $search_dropdown$

I also used this to add variables to the search macro and add some variable to the searches.

Hope this can help you!

Reply
Solved! Jump to solution

rey123
Path Finder
‎03-26-2019 02:54 PM

@gfreitas, would you be able to explain your suggestion with an example? It would be MUCH clearer then for those of us trying to execute the same steps!

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...