- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: search result as field for filtering in visual...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
i have a statistic table in one of my dashboard that show the result of a search. Is it possible to use some of those fields as filter without re-running the search?
e.g.
Table:
Date Field Field1
04/22 A
04/18 B
04/11 C
As the date field is dynamic and is the result of the search, is it possible to use those as a field as dashboard input to show Field1 only from a specific date.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Check this sample and use base search
<form>
<label>filter</label>
<search id="base_query">
<query>index="_internal" |table source,host,sourcetype,splunk_server</query>
<earliest>$timepicker.earliest$</earliest>
<latest>$timepicker.latest$</latest>
</search>
<fieldset submitButton="false">
<input type="time" token="timepicker">
<label></label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="host">
<label>host</label>
<search base="base_query">
<query>|stats count by host</query>
</search>
<fieldForLabel>host</fieldForLabel>
<fieldForValue>host</fieldForValue>
<prefix>host="</prefix>
<suffix>"</suffix>
</input>
</fieldset>
<row>
<panel>
<table>
<search base="base_query">
<query>
|search $host$ |stats count by source
</query>
</search>
</table>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Check this sample and use base search
<form>
<label>filter</label>
<search id="base_query">
<query>index="_internal" |table source,host,sourcetype,splunk_server</query>
<earliest>$timepicker.earliest$</earliest>
<latest>$timepicker.latest$</latest>
</search>
<fieldset submitButton="false">
<input type="time" token="timepicker">
<label></label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="host">
<label>host</label>
<search base="base_query">
<query>|stats count by host</query>
</search>
<fieldForLabel>host</fieldForLabel>
<fieldForValue>host</fieldForValue>
<prefix>host="</prefix>
<suffix>"</suffix>
</input>
</fieldset>
<row>
<panel>
<table>
<search base="base_query">
<query>
|search $host$ |stats count by source
</query>
</search>
</table>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi totaro,
let me understand. do you want to display Field1 values with Date fiels greather than the clicked value clicking e.g. on 04/18 and without re run the search?
You could do this passing the clicked field value as a token to another search to run in a different panel of the same dashboard or to another dashboard, in this way you have to re-run the same search but limited by the clicked value.
You can find how to pass a token to another panel of the same dashboard in the Dashboard Examples App (see https://splunkbase.splunk.com/app/1603/).
Bye.
Giuseppe
Enterprise Security Content Update (ESCU) | New Releases
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
