I would like to create a dashboard where i can get the result from one panel (query 1) and insert the results into Panel 2 and 3. This dashboard should be in form format where type an IP address in a box, then add the the IP address to query 1. Query 1 results will then be inserted into query 2 and 3 which will display the result on each panel.
query 1 sourcetype=name app=http-proxy $token1$| stats count by src_ip
I would like to add the result from query 1 and insert the result to query 2 and 3.
query 2
index=name2 $tokenResultfromQuery1$ | rename user AS User clientip AS "Client IP Address" assigned_ip AS "Assigned IP Address" vpn AS VPN reason AS Reason | table User "Client IP Address" "Assigned IP Address" Group VPN "Start Time" | sort-_time
query 3
sourcetype="WinEventLog:Security" $tokenResultfromQuery1$ | stats count by user, src_ip
You need a form, not a dashboard. You will also need a base search for the query and the post-process searches for the two panels. This will require editing the Simple XML. Here are the documentation references:
Build and Edit Forms: http://docs.splunk.com/Documentation/Splunk/6.6.2/Viz/Buildandeditforms
Post-process searches: http://docs.splunk.com/Documentation/Splunk/latest/Viz/Savedsearches#Post-process_searches
I think that the Splunk Dashboard Examples App may be more helpful than just the documentation...
There may be other ways to do this, but I think this is the most direct.