Time Picker, Search Picker for a Line Chart: Help with Advanced XML

muebel
SplunkTrust

I have been digging into the advanced XML stuff lately, and have come across a hurdle with simply figuring out the correct modules I should be using for the panel I want to create.

The panel would have a time picker, and a list selector that would have two keys. Each key's value would be a whole search string. After the time and search were picked it would create a line chart.

I got the TimeRangePicker:

<module name="TimeRangePicker" layoutPanel="panel_row2_col1" group="Line Graph for Storage">
  <param name="searchWhenChanged">true</param>
  <param name="default">last_24_hours</param>
  <param name="label">Time Range</param>
</module>

My question then is how I go from here by implementing the selector module with the two keys mapping to the two searches, and then the best module to generate a line graph.

sideview
SplunkTrust

You probably want to use a StaticSelect module with a ConvertToIntention under it, with the ConvertToIntention using a stringreplace intention.

What I just said will make no sense to you until you read through either the relevant docs, or better yet download the app from splunkbase called "UI Examples for 4.1" and read through all the examples in there. Check out the example views, clone them and play around with them yourself. The specific example most relevant to this use case is the 'stringreplace' example under 'Advanced XML > Lister examples'.

To explain a little more here though, the StaticSelect module is basically a pulldown. The option values of this pulldown are usually single search terms but there's no reason they couldn't be entire search strings, at least assuming you're using a stringreplace intention.

2) Another option that might be more appropriate in this situation is to use a switcher.
I don't want to go into more detail cause I'll just be duplicating the stuff that's written in that app.

BEWARE: there is an app called 'UI Examples' on splunkbase. Do not download this one because it is old. Download the 'UI Examples for 4.1' cause it has a LOT more detail.
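
A sketch of the StaticSelect plus ConvertToIntention (stringreplace) layout described in the answer above, added here as an illustration and not taken from the original post or from the UI Examples app. The setting name `fullSearch_setting`, the `$fullSearch$` token, the option labels and both searches are constructed for the example, and the chart size is arbitrary.

```xml
<!-- Added example. fullSearch_setting, $fullSearch$ and both searches are constructed placeholders. -->
<module name="HiddenSearch" layoutPanel="panel_row2_col1" group="Line Graph for Storage" autoRun="True">
  <!-- The entire search is a token; the stringreplace intention below substitutes it -->
  <param name="search">$fullSearch$</param>
  <module name="TimeRangePicker">
    <param name="searchWhenChanged">true</param>
    <param name="default">last_24_hours</param>
    <param name="label">Time Range</param>
    <!-- Pulldown with two entries; each value is a whole search string -->
    <module name="StaticSelect">
      <param name="settingToCreate">fullSearch_setting</param>
      <param name="label">Search</param>
      <param name="searchWhenChanged">true</param>
      <param name="staticFieldsToDisplay">
        <list>
          <param name="label">Throughput by index</param>
          <param name="value">index=_internal source=*metrics.log group=per_index_thruput | timechart sum(kb) by series</param>
        </list>
        <list>
          <param name="label">Throughput by sourcetype</param>
          <param name="value">index=_internal source=*metrics.log group=per_sourcetype_thruput | timechart sum(kb) by series</param>
        </list>
      </param>
      <!-- Turns the selected value into a stringreplace intention for $fullSearch$ -->
      <module name="ConvertToIntention">
        <param name="settingToConvert">fullSearch_setting</param>
        <param name="intention">
          <param name="name">stringreplace</param>
          <param name="arg">
            <param name="fullSearch">
              <param name="value">$target$</param>
            </param>
          </param>
        </param>
        <!-- Render the timechart results as a line chart -->
        <module name="HiddenChartFormatter">
          <param name="chart">line</param>
          <module name="FlashChart">
            <param name="width">100%</param>
            <param name="height">300px</param>
          </module>
        </module>
      </module>
    </module>
  </module>
</module>
```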

gkanapathy
Splunk Employee

You might consider prototyping this with Simple XML, then viewing the resulting Advanced XML by adding ?showsource=true to the URL querystring parameters.
