Using Radio Buttons in a drilldown

twistedsixty4
Path Finder

Hey all,
So what I'm trying to do is use a radial group to change the search in a drilldown by having each radio button specify a different search, but I'm not sure how to format the parameters to do this. Can anyone help?

<module name="RadioButtonSearch">
<param name="label">Sort by</param>

???

By Host

(index=windows_security EventCode=4624) OR (index=unix OR index=unix_secure pam_vas: succeeded) OR (host="csacs000*" CSCOacs_Passed_Authentications) | top 20 host

By User

(index=windows_security EventCode=4624) OR (index=unix OR index=unix_secure pam_vas: succeeded) OR (host="csacs000*" CSCOacs_Passed_Authentications) | top 20 user


1 Solution

sideview
SplunkTrust

The RadioButtonSearch module can only create 'addterm' intentions, and that means the values of your radio buttons can each only be single searchterms like "foo" or field values like someField="someValue".

With core Splunk you're probably better off using the "StaticRadio" module, which works a lot like the "StaticSelect" module. The bad news is that you'll have to get used to using the ConvertToIntention module because you'll need it to turn the simple key from StaticRadio into a "stringreplace" intention. (To explain: RadioButtonSearch creates the intention automatically, but again it can only create 'addterm' intentions. StaticRadio doesn't create the intention, only creating a simple key, and this is why you need ConvertToIntention to turn that key value into an "intention". Confused?)

Making it harder is the fact that the Dashboard Examples app doesn't contain any working examples for either module. You can find an example of the StaticSelect module though, and between that, the few "stringreplace" intention examples in there, and the StaticRadio.conf file, it's possible to figure it out.

If you're using Sideview Utils 2.X, you'll have an easier time because you can use the Radio module, and you won't need an intention nor a ConvertToIntention module. Sideview Utils contains its own documentation and working examples for its modules, including for the Radio module. Download the app for free ( http://sideviewapps.com/apps/sideview-utils ), and once it's installed, use the app navigation to go to "Module Documentation > Form Search Modules > The Radio Module".

0 Karma
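
The core-Splunk route described in the answer above (StaticRadio feeding ConvertToIntention, which emits a "stringreplace" intention), sketched as an added example that is not part of the original thread or of any shipped Splunk example. The parameter names `checked`, `settingToCreate` and `settingToConvert`, the setting name `sort_setting`, the radio name `sortRadio`, the layout panel and the `SimpleResultsTable` child are assumptions to confirm against StaticRadio.conf and ConvertToIntention.conf on your install.

```xml
<!-- Added example (assumed parameter names, see lead-in). -->
<!-- The base search carries a $selectedSort$ placeholder; the downstream
     stringreplace intention fills it in before the search is dispatched. -->
<module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="True">
  <param name="search">(index=windows_security EventCode=4624) OR (index=unix OR index=unix_secure pam_vas: succeeded) OR (host="csacs000*" CSCOacs_Passed_Authentications) | top 20 $selectedSort$</param>

  <!-- StaticRadio only writes a plain key (sort_setting); it creates no intention. -->
  <module name="StaticRadio">
    <param name="name">sortRadio</param>
    <param name="label">Sort by</param>
    <param name="checked">host</param>
    <param name="settingToCreate">sort_setting</param>
    <!-- Values are fixed field names, so only "host" or "user" can ever
         reach the search string. -->
    <param name="staticFieldsToDisplay">
      <list>
        <param name="label">By Host</param>
        <param name="value">host</param>
      </list>
      <list>
        <param name="label">By User</param>
        <param name="value">user</param>
      </list>
    </param>

    <!-- ConvertToIntention turns sort_setting into a stringreplace intention:
         $target$ is the radio's value, "selectedSort" is the placeholder name. -->
    <module name="ConvertToIntention">
      <param name="settingToConvert">sort_setting</param>
      <param name="intention">
        <param name="name">stringreplace</param>
        <param name="arg">
          <param name="selectedSort">
            <param name="value">$target$</param>
          </param>
        </param>
      </param>

      <module name="SimpleResultsTable"/>
    </module>
  </module>
</module>
```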

twistedsixty4
Path Finder

So what I ended up doing was using SideviewUtils to do a pulldown and alter the search directly.
Here's my code if it will end up helping anyone.

     <module name="Pulldown">
       <!-- static choices; the selected value replaces $selectedSort$ in the search below -->
       <param name="staticFieldsToDisplay">
         <list>
           <param name="label">Host</param>
           <param name="value">host</param>
           <param name="selected">true</param>
         </list>
         <list>
           <param name="label">User</param>
           <param name="value">user</param>
         </list>
       </param>
       <param name="name">selectedSort</param>
       <param name="label">Grouping</param>
       <module name="Search">
         <param name="search">(index=windows_security EventCode=4624) OR (index=unix OR index=unix_secure pam_vas: succeeded) OR (host="csacs000*" CSCOacs_Passed_Authentications) | top $selectedSort$ | fields - percent</param>
         <!-- results modules (not included in the post) go here -->
       </module>
     </module>

0 Karma
