Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to run a query multiple times depending on the token passed by radio inputs?

ny34940
Path Finder
‎02-21-2018 02:14 AM

Hi

In my dashboard I have 8 Radio Inputs and depending on the selected input one table is created. Now I want to add a ALL input option and the resulting dashboard should have 8 tables. I don't know if this is possible or not as all the radio inputs are using the same query.

The sample query is as follows. Here the token is named as "type". What I want to do is on selecting All option this code snippet runs 8 times, each time having one of the 8 values in the radio input. 

<row>
    <panel>
      <title>Table</title>
      <table><search base="base">
          <query>|eval cat="Original$pan$"
            |stats count(eval($type$ = "car")) as Car count(eval($type$="bike")) as Bike count(eval($type$="train")) as Train by cat month
            |eval Tot= Car + Bike + Train
            |eval Car%= if(Tot>0,round((Car/Tot)*100,0),"0")."%(".Car.")"
            |eval Bike%= if(Tot>0,round((Bike/Tot)*100,0),"0")."%(".Bike.")"
            |eval Train%= if(Tot>0,round((Train/Tot)*100,0),"0")."%(".Train.")"
            |chart values(Car%) values( Bike%)  values( Train%) by cat month
            </query>
        </search>
      </table>
    </panel>
  </row>

Thanks in advance!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎02-21-2018 08:33 AM

You can have eight tables on your dashboard, each with their own depends attribute, and make them visible depending on values set by the dropdown in <change> events. Something like this:

<fieldset submitButton="false">
  <input type="radio" token="unused">
    <label>field1</label>
    <choice value="a">A</choice>
    <choice value="b">B</choice>
    <choice value="all">All</choice>
    <change>
      <condition value="a">
        <set token="table_1">table 1 only</set>
        <unset token="table_2"></unset>
      </condition>
      <condition value="b">
        <unset token="table_1"></unset>
        <set token="table_2">table 2 only</set>
      </condition>
      <condition value="all">
        <set token="table_1">all tables</set>
        <set token="table_2">all tables</set>
      </condition>
    </change>
  </input>
</fieldset>
<row>
  <panel>
    <table depends="$table_1$">
      <search>
        <query>| makeresults | eval i_am_table_1="$table_1$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
    <table depends="$table_2$">
      <search>
        <query>| makeresults | eval i_am_table_2="$table_2$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
  </panel>
</row>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎02-21-2018 08:33 AM

You can have eight tables on your dashboard, each with their own depends attribute, and make them visible depending on values set by the dropdown in <change> events. Something like this:

<fieldset submitButton="false">
  <input type="radio" token="unused">
    <label>field1</label>
    <choice value="a">A</choice>
    <choice value="b">B</choice>
    <choice value="all">All</choice>
    <change>
      <condition value="a">
        <set token="table_1">table 1 only</set>
        <unset token="table_2"></unset>
      </condition>
      <condition value="b">
        <unset token="table_1"></unset>
        <set token="table_2">table 2 only</set>
      </condition>
      <condition value="all">
        <set token="table_1">all tables</set>
        <set token="table_2">all tables</set>
      </condition>
    </change>
  </input>
</fieldset>
<row>
  <panel>
    <table depends="$table_1$">
      <search>
        <query>| makeresults | eval i_am_table_1="$table_1$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
    <table depends="$table_2$">
      <search>
        <query>| makeresults | eval i_am_table_2="$table_2$"</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
    </table>
  </panel>
</row>
0 Karma
Reply
Solved! Jump to solution

ny34940
Path Finder
‎02-27-2018 11:46 AM

Thanks for the answer!

0 Karma
Reply
Solved! Jump to solution

bangalorep
Communicator
‎02-21-2018 02:38 AM

Hello!
Have you tried the Trellis option for the visualisation?

0 Karma
Reply
Solved! Jump to solution

ny34940
Path Finder
‎02-21-2018 02:50 AM

I am using Splunk 6.5 and trellis is not supported in this version.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...