Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to change Inline Search based on the click.value in Simple XML?

theouhuios
Motivator
‎06-25-2015 06:27 AM

Hello

I am trying to implement an inline chart whose search criteria will change based on the $click.value$ on the table.

Example:

Table

Column-A   Column-B
ABC          456456
NBH          5635635

Drilldown will be based on the value of $row.Column-A$

Now the inline search should change based on whether the value selected is ABC or NBC

IF $row.Column-A$=ABC

<chart>
index=blah sourcetype=blah ...|timechart
</chart>


 IF $row.Column-A$=NBC 

   <chart>
    index=blah2 sourcetype=blah2 ...|timechart
    </chart>

Is it possible to toggle the depend field like this? Any Ideas?

0 Karma
Reply

gyslainlatsa
Motivator
‎06-25-2015 07:43 AM

hi theouhuios,
try like this and let me know if this solves your problem

<form>
  <label>In-Page Drilldown</label>
  <description/>
  <fieldset submitButton="false">
    <!--
            Create an input to store the drilldown value. It will be hidden using custom javascript when
            the dashboard is loaded.
         -->

    <input type="text" token="Column_A" searchWhenChanged="true"/>
  </fieldset>

  <row>
    <table id="master">
      <title>Display </title>
      <searchString>index=index_name sourcetype=sourcetype_file |table Column_A  Column_B</searchString>
      <!-- Set the type of of drilldown, since we will always consume the same field, use row-->
      <option name="drilldown">row</option>
      <drilldown>
        <!-- Use set to specify the new token to be created.
                     Use any token from the page or from the click event to produce the value needed. -->
        <set token="Column_A ">$row.Column_A$</set>
        <!-- If we also set the form.sourcetype the input will get updated too -->
        <set token="form.Column_A ">$row.Column_A$</set>
      </drilldown>
    </table>
  </row>

  <row>

   <panel id="detail" depends="$Column_A$">
     <title>Column_A=$Column_A$ </title>

     <input type="dropdown" token="newstatus" searchWhenChanged="true">
        <label>Change the value of Column_A</label>
        <choice value="ABC">ABC</choice>
        <choice value="NBH">NBH</choice>
        <default></default>

        <change>
          <condition value="ABC">
            <set token="new_search">index=index_name sourcetype=sourcetype_file  Column_A=$Column_A$ |timechart count </set>
          </condition>

          <condition value="NBH">
            <set token="new_search">index=index_name sourcetype=sourcetype_file  Column_A=$Column_A$ |timechart count by Column_B</set>
          </condition>
        </change>
  </input>

      <chart>
        <title>change the chart depending on the value of Column_A</title>
        <search>
          <query>$new_search$</query>
        </search>
      </chart>

   </panel>

  </row>
</form>
0 Karma
Reply

hiteshkanchan
Communicator
‎09-02-2015 11:48 AM

I tried using the same but when I use "change" and "condition" it is not able to get the query and i get the message as "No search query Provided". Any idea if it is version issue or something else. I am currently using 6.1.

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...