Splunk Search

Time Picker, Search Picker for a Line Chart: Help with Advanced XML

muebel
SplunkTrust
SplunkTrust

I have been digging into the advanced xml stuff lately, and have come across a hurdle with simply figuring out the correct modules I should be using for the panel I want to create.

The panel would have a time picker, and a list selector that would have two keys. Each keys value would be a whole search string. After the time and search was picked it would create a line chart.

I got the timerangepicker

<module name="TimeRangePicker" layoutPanel="panel_row2_col1" group="Line Graph for Storage">
<param name="searchWhenChanged">true</param>
<param name="default">last_24_hours</param>
<param name="label">Time Range</param>
</module>

My question then is how I go from here by implementing the selector module with the two keys mapping to the two searches, and then the best module to generate a line graph.

Tags (2)

sideview
SplunkTrust
SplunkTrust

You probably want to use a StaticSelect module with a ConvertToIntention under it, with the ConvertToIntention using a stringreplace intention.

What I just said will make no sense to you until you read through either the relevant docs, or better yet download the app from splunkbase called "UI Examples for 4.1" and read through all the examples in there. Check out the example views, clone them and play around with them yourself. The specific example most relevant to this use case is the 'stringreplace' example under 'Advanced XML > Lister examples'.

To explain a little more here though, the StaticSelect module is basically a pulldown. The option values of this pulldown are usually single search terms but there's no reason they couldnt be entire search strings, at least assuming you're using a stringreplace intention.

2) Another option that might be more appropriate in this situation is to use a switcher.
I dont want to go into more detail cause I'll just be duplicating the stuff that's written in that app.

BEWARE: there is an app called 'UI Examples' on splunkbase. Do not download this one because it is old. Download the 'UI Examples for 4.1' cause it has a LOT more detail.

gkanapathy
Splunk Employee
Splunk Employee

You might consider prototyping this with Simple XML, then viewing the resulting Advanced XML by adding ?showsource=true to the URL querystring parameters.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...