Solved: How to create a dashboard with a drop-down populat...

cdstealer · ‎03-05-2015

Hi,

I have imported a CSV file which has auto extracted the column heading and values 🙂 The task I have now is to create a dashboard where the user can select the time period (done) and then select the the field header they are interested in. Is this possible and how do I get the extracted headers into the drop-down?

Cheers

somesoni2 · ‎03-08-2015

You just want the CSV header names (e.g. field1, field2) into the dropdown? If yes try below query:

<form>
   <fieldset>
     <input type="time" token="field1">
       <label></label>
       <default>
         <earliest>0</earliest>
         <latest></latest>
       </default>
     </input>
     <input type="dropdown">
       <search>
         <query>index=storage_csv sourcetype=storage_csv | head 1 | transpose | fields column | search column=CLASS* </query>
           <earliest>$field1.earliest$</earliest>
           <latest>$field1.latest$</latest>
       </search>
<fieldForLabel>column</fieldForLabel>
   <fieldForValue>column</fieldForValue>
     </input>
   </fieldset>
 </form>

View solution in original post

somesoni2 · ‎03-08-2015

You just want the CSV header names (e.g. field1, field2) into the dropdown? If yes try below query:

<form>
   <fieldset>
     <input type="time" token="field1">
       <label></label>
       <default>
         <earliest>0</earliest>
         <latest></latest>
       </default>
     </input>
     <input type="dropdown">
       <search>
         <query>index=storage_csv sourcetype=storage_csv | head 1 | transpose | fields column | search column=CLASS* </query>
           <earliest>$field1.earliest$</earliest>
           <latest>$field1.latest$</latest>
       </search>
<fieldForLabel>column</fieldForLabel>
   <fieldForValue>column</fieldForValue>
     </input>
   </fieldset>
 </form>

cdstealer · ‎03-09-2015

somesoni2.. you sir, are a life saver! Thank you very very much 🙂

muebel · ‎03-06-2015

Seems like you will want to setup a Form with with dropdown fieldset:

<form>
  <fieldset>
    <input type="dropdown">
      <search>
        <query>source=csv | fields field1,field2</query>
      </search>
    </input>
  </fieldset>
</form>

Something like this will populate a dropdown with the results from the search you specify.

cdstealer · ‎03-06-2015

Hi Muebel,
Thanks for the reply.. unfortunately I've already done that (kind of).. Specifying individual fields is not realistic due to the amount of them. The query I used is index=storage_csv sourcetype=storage_csv | fields "CLASS*" but it complains of "duplicate labels" of which there are none. This is a very basic XML that I've used:

<form>
  <fieldset>
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
    </input>
    <input type="dropdown">
      <search>
        <query>index=storage_csv sourcetype=storage_csv | fields "CLASS*"</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
      </search>
    </input>
  </fieldset>
</form>

Running the query manually returns the fields as expected.

saura1312 · ‎11-21-2016

Where do i keep this XMLs? please explain in detail

muebel · ‎03-07-2015

Ah, I left a bit out. You will need to add a couple more elements to the dropdown input:

  <fieldForLabel>CLASS</fieldForLabel>
  <fieldForValue>CLASS</fieldForValue>

cdstealer · ‎03-07-2015

Hi Muebel,
Thanks again.. unfortunately I still get the "Duplicate labels" error. I ran the query index=storage_csv sourcetype=storage_csv | transpose | rename column as class | sort -class to ensure there were no duplicates being returned. Which of course there aren't. I am utterly stuck on this one 😞

How to create a dashboard with a drop-down populated with extracted field headers from a CSV file?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases