Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do you build a panel with different source inputs?

pranay04
Explorer
‎01-30-2019 12:29 PM

I am trying to build a panel where I would like to input the source and present in a radial guaze.

The simple query looks something like this:

index=x host=y source = /logs/zzz* "keyword"| |timechart span=1m count as keyword

And in there I want to be able to change the "zzz" to different options as per input.

Any advice?

Tags (2)
0 Karma
Reply

woodcock
Esteemed Legend
‎01-31-2019 03:36 PM

Why not keep them all and use the Trellis feature?

https://docs.splunk.com/Documentation/Splunk/latest/Viz/VisualizationTrellis

0 Karma
Reply

chrisyounger
SplunkTrust
SplunkTrust
‎01-30-2019 01:54 PM

Hi @pranay04

To do this you need to edit the dashboard and "add an input". Edit thatinput to set a token called for example "source".

Then in your panel, update the search to look like this:

index=x host=y source = $source$* "keyword |timechart span=1m count as keyword

Here is some more info: https://docs.splunk.com/Documentation/Splunk/7.2.3/Viz/tokens#Using_tokens_in_a_search

Good luck

0 Karma
Reply

pranay04
Explorer
‎01-31-2019 01:07 PM

Great ! Thanks! got it

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...