Solved: How can I place a search bar above a sankey chart?

hylam · ‎11-26-2015

It should work like a search app with sankey chart visualization. The running search should cause the sankey chart and stats table to update. Don't forget the time picker.

EDIT1
wide text box + submit button + separate time picker should work, too.

MuS · ‎11-29-2015

Hi hylam,

take this run everywhere dashboard to see how it can be done:

<form script="autodiscover.js">
  <label>my_foo_selector Clone</label>
  <fieldset submitButton="ture">
    <input type="time" token="time">
      <label>Select time range:</label>
      <default>
        <earliest>@d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="text" token="text">
      <label>Enter text to search:</label>
      <default>*</default>
    </input>
  </fieldset>
  <search id="viz_search">
    <query>
      <![CDATA[
                    index=_internal $text$ earliest="$time.earliest$" latest="$time.latest$" sourcetype=splunk_web_access NOT uri_path=*/static/* uri_path=*/app/* OR uri_path=*/manager/* 
                    | rex field=referer "https?://.+?/.+?(?<referer_path>/[^\\?]+)" 
                    | rex field=uri_path "/.+?(?<path>/.+)" 
                    | rename referer_path as from path as to 
                    | stats count by from to | sort -count | head 50
                ]]>
    </query>
  </search>
  <row>
    <panel>
      <html>
       <h2>Sankey</h2>
       <div id="sankey" class="splunk-view" data-require="app/simple_xml_examples/components/sankey/sankey" data-options="{                             &quot;managerid&quot;: &quot;viz_search&quot;,                             &quot;height&quot;: 400                          }">
                </div>
      </html>
    </panel>
  </row>
</form>

You must have the Simple XML dashboard example App installed https://splunkbase.splunk.com/app/1603/

Hope this helps to get you started and change / modify / add any additional charts as needed 😉

cheers, MuS

View solution in original post

MuS · ‎11-29-2015

Hi hylam,

take this run everywhere dashboard to see how it can be done:

<form script="autodiscover.js">
  <label>my_foo_selector Clone</label>
  <fieldset submitButton="ture">
    <input type="time" token="time">
      <label>Select time range:</label>
      <default>
        <earliest>@d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="text" token="text">
      <label>Enter text to search:</label>
      <default>*</default>
    </input>
  </fieldset>
  <search id="viz_search">
    <query>
      <![CDATA[
                    index=_internal $text$ earliest="$time.earliest$" latest="$time.latest$" sourcetype=splunk_web_access NOT uri_path=*/static/* uri_path=*/app/* OR uri_path=*/manager/* 
                    | rex field=referer "https?://.+?/.+?(?<referer_path>/[^\\?]+)" 
                    | rex field=uri_path "/.+?(?<path>/.+)" 
                    | rename referer_path as from path as to 
                    | stats count by from to | sort -count | head 50
                ]]>
    </query>
  </search>
  <row>
    <panel>
      <html>
       <h2>Sankey</h2>
       <div id="sankey" class="splunk-view" data-require="app/simple_xml_examples/components/sankey/sankey" data-options="{                             &quot;managerid&quot;: &quot;viz_search&quot;,                             &quot;height&quot;: 400                          }">
                </div>
      </html>
    </panel>
  </row>
</form>

You must have the Simple XML dashboard example App installed https://splunkbase.splunk.com/app/1603/

Hope this helps to get you started and change / modify / add any additional charts as needed 😉

cheers, MuS

How can I place a search bar above a sankey chart?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?