Re: is it possible to store the value into index w...

vengat4043 · ‎04-23-2021

Dear team,

Can you please help me on the below query:

We have a textbox in the Dashboard, whatever the value is given to the textbox that need to be stored in index.

is it possible in splunk?

aasabatini · ‎04-23-2021

Hi @vengat4043

I try to help, but maybe I don't understand the point.

anyway the splunk command to collect search results on a index is: "collect"

https://docs.splunk.com/Documentation/Splunk/8.1.3/SearchReference/Collect

now I built a dashboard with your request, a textbox and a panel with a collect comand to add the results on one index

<form>
  <label>test dashboard</label>
  <fieldset submitButton="true">
    <input type="text" token="field1">
      <label>textbox</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>fieldbox</title>
        <search>
          <query>* | eval fieldbox="$field1$" | table fieldbox _time | head 1 | collect index="name of index"</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

please, remember to change the name of index on the search present in Dashboard

I hope this can help

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

is it possible to store the value into index which is given by user in textbox?

SplunkJS

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases