- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Pulldown and static select in view
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
i need to create a view with multiple forms ( pulldowns, SearchSelectLister,StaticSelectListers and etc). Search consists of 2 indexes and join command, in first index i select depatment and login, using Pulldown and surname using static select , in second index i choose date using static select, then i chose surname and . Now i am in doubts how to do it best way. What should be the structure of my XML?
Here is brief XML of my view
<param name="postProcess">dedup $name$ | sort $name$</param>
<param name="valueField">$name$</param>
<module name="Pulldown">
<param name="name">LOGIN</param>
<param name="label">LOGIN</param>
<param name="size">4</param>
<param name="template">LOGIN="$value$"</param>
<param name="separator">+OR+</param>
<param name="outerTemplate">( $value$ )</param>
<param name="postProcess">search $Department$ | dedup $name$ | sort $name$</param>
<param name="valueField">$name$</param>
<module name="Search" >
<param name="search">index="1c3" $Department$ $LOGIN$ surname=$surname$| join Login [search index=database] | search date=$date$| table Login Department date
</param>
<module name="StaticSelect">
<param name="staticFieldsToDisplay">
<list>
<param name="value">*</param>
<param name="label">all</param>
</list>
<list>
<param name="value">1</param>
<param name="label">1</param>
</list>
<list>
<param name="value">2</param>
<param name="label">2</param>
</list>
</param>
<param name="label">Date</param>
<param name="settingToCreate">date_setting</param>
<param name="searchWhenChanged">False</param>
<module name="ConvertToIntention">
<param name="settingToConvert">date_setting</param>
<param name="intention">
<param name="name">stringreplace</param>
<param name="arg">
<param name="date">
<param name="fillOnEmpty">True</param>
<param name="value">$target$</param>
</param>
</param>
</param>
<module name="StaticSelect">
....
<!-- static select for surname>
....
<module name="Pager">
<param name="entityName">results</param>
<module name="Table"></module>
</module>
</module>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think the short answer is that the use of intentions is confusing you. But the good news is you're already using Sideview Utils 2.X for most of this view, so you can just go all the way and replace your StaticSelect and ConvertToIntention modules with more Pulldown modules....
To be precise, you're already using the Sideview modules Search, Pulldown, Pager and Table here. You're using the Sideview Pulldown module for Department and LOGIN, but then a little deeper into the view you start using the core Splunk modules StaticSelect and ConvertToIntention again. Pulldown module completely supercedes StaticSelect, SearchSelectLister and ConvertToIntention. It's more powerful but at the same time simpler and easier to use. So just keep on doing what you're doing - convert all the way.
Here I've cleaned up your XML and converted that StaticSelect+ConvertToIntention to a Pulldown module as well. This eliminates the need for intentions and shortens, de-indents and simplifies your view.
<module name="Search" layoutpanel="panel_row1_col1" autorun="True">
<param name="search">index="1c3" | fields LOGIN, Department</param>
<module name="Pulldown">
<param name="name">Department</param>
<param name="label">Department</param>
<param name="template">Department="$value$"</param>
<param name="postProcess">dedup $name$ | sort $name$</param>
<param name="valueField">$name$</param>
<module name="Pulldown">
<param name="name">LOGIN</param>
<param name="label">LOGIN</param>
<param name="size">4</param>
<param name="template">LOGIN="$value$"</param>
<param name="separator">+OR+</param>
<param name="outerTemplate">( $value$ )</param>
<param name="postProcess">search $Department$ | dedup $name$ | sort $name$</param>
<param name="valueField">$name$</param>
<module name="Pulldown">
<param name="name">date</param>
<param name="label">Date</param>
<param name="staticOptions">
<list>
<param name="value">*</param>
<param name="label">all</param>
</list>
<list>
<param name="value">1</param>
</list>
<list>
<param name="value">2</param>
</list>
</param>
... Pulldown module for surname...
<module name="Search">
<param name="search">index="1c3" $Department$ $LOGIN$ surname=$surname$| join Login [search index=database] | search date=$date$| table Login Department date</param>
<module name="Pager">
<module name="Table"></module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
There's a 11minute screencast demo about the Pulldown module, and why it's better than SearchSelectLister+StaticSelect+ConvertToIntention http://www.youtube.com/watch?v=fkXBgkwZoEQ
and as always, tons of docs and working examples of all these modules are in the Sideview Utils module itself. get it for free from the Sideview site. http://sideviewapps.com/apps/sideview-utils
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think the short answer is that the use of intentions is confusing you. But the good news is you're already using Sideview Utils 2.X for most of this view, so you can just go all the way and replace your StaticSelect and ConvertToIntention modules with more Pulldown modules....
To be precise, you're already using the Sideview modules Search, Pulldown, Pager and Table here. You're using the Sideview Pulldown module for Department and LOGIN, but then a little deeper into the view you start using the core Splunk modules StaticSelect and ConvertToIntention again. Pulldown module completely supercedes StaticSelect, SearchSelectLister and ConvertToIntention. It's more powerful but at the same time simpler and easier to use. So just keep on doing what you're doing - convert all the way.
Here I've cleaned up your XML and converted that StaticSelect+ConvertToIntention to a Pulldown module as well. This eliminates the need for intentions and shortens, de-indents and simplifies your view.
<module name="Search" layoutpanel="panel_row1_col1" autorun="True">
<param name="search">index="1c3" | fields LOGIN, Department</param>
<module name="Pulldown">
<param name="name">Department</param>
<param name="label">Department</param>
<param name="template">Department="$value$"</param>
<param name="postProcess">dedup $name$ | sort $name$</param>
<param name="valueField">$name$</param>
<module name="Pulldown">
<param name="name">LOGIN</param>
<param name="label">LOGIN</param>
<param name="size">4</param>
<param name="template">LOGIN="$value$"</param>
<param name="separator">+OR+</param>
<param name="outerTemplate">( $value$ )</param>
<param name="postProcess">search $Department$ | dedup $name$ | sort $name$</param>
<param name="valueField">$name$</param>
<module name="Pulldown">
<param name="name">date</param>
<param name="label">Date</param>
<param name="staticOptions">
<list>
<param name="value">*</param>
<param name="label">all</param>
</list>
<list>
<param name="value">1</param>
</list>
<list>
<param name="value">2</param>
</list>
</param>
... Pulldown module for surname...
<module name="Search">
<param name="search">index="1c3" $Department$ $LOGIN$ surname=$surname$| join Login [search index=database] | search date=$date$| table Login Department date</param>
<module name="Pager">
<module name="Table"></module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
There's a 11minute screencast demo about the Pulldown module, and why it's better than SearchSelectLister+StaticSelect+ConvertToIntention http://www.youtube.com/watch?v=fkXBgkwZoEQ
and as always, tons of docs and working examples of all these modules are in the Sideview Utils module itself. get it for free from the Sideview site. http://sideviewapps.com/apps/sideview-utils
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Sideview TextField module supercedes ExtendedFieldSearch. Check out the docs in Sideview Utils to see how to use TextField. It's much much simpler than ExtendedFieldSearch. Most of the time the equivalent TextField config is only a few lines, and again you don't have to think about intentions.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is really good advice! but i have one question.
I have
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are plenty of options to do what you are after, if you have doubts I recommend you download the app Splunk Dashboard Examples and you will see how to use each kind of picker, dropdown, etc...
I find that app very very helpful
http://splunk-base.splunk.com/apps/64805/splunk-dashboard-examples
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't get what you mean, which search do you have trouble constructing?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks i used this app and UI Examples app, but my trouble is that: pulldown uses Search but staticselect uses hiddensearch. Now i have no ideas how to construct my search.
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
