Solved: Re: How to use a drop-down token to pick different...

yogas · ‎07-27-2015

I have a dashboard that is populated only by a drop-down input and a chart panel.

What I want to do is have several predefined searches stored somewhere, and then based on the token value I choose from the drop-down, choose the appropriate search and then populate that search into the chart panel.

If I can store two different searches inside variables, for example search01 and search02. these perform two very different searches...

And then for example, using the token $prod$ that I got from the drop-down, I do the following conditional:

if $prod$=1 then populate the chart panel with

<searchString>search01</searchString>

elseif $prod$=2 then populate the chart panel with

<searchString>search02</searchString>

any ideas would be much appreciated 🙂

cheers,
Yogas

somesoni2 · ‎07-27-2015

This is how I would do the same thing:-

Create a saved search for all the searches that you want to run. http://docs.splunk.com/Documentation/Splunk/6.2.4/Report/Createandeditreports
In the dropdown input, provide the name of saved searches as value.
Update your search for chart to use following (http://docs.splunk.com/Documentation/Splunk/6.2.4/SearchReference/Savedsearch)

| savedsearch $tokenname$

This way whatever user selects from dropdown, that savedsearch name appears here and ran.

View solution in original post

bmacias84 · ‎07-27-2015

similar question has been answered. http://answers.splunk.com/answers/287850/am-i-able-to-use-tokens-for-a-report-selection-dro-1.html#a...

somesoni2 · ‎07-27-2015

This is how I would do the same thing:-

Create a saved search for all the searches that you want to run. http://docs.splunk.com/Documentation/Splunk/6.2.4/Report/Createandeditreports
In the dropdown input, provide the name of saved searches as value.
Update your search for chart to use following (http://docs.splunk.com/Documentation/Splunk/6.2.4/SearchReference/Savedsearch)

| savedsearch $tokenname$

This way whatever user selects from dropdown, that savedsearch name appears here and ran.

rey123 · ‎03-26-2019

@somesoni2 , what if the saved search themselves took parameters? ie., the saved search output depended on the values of those parameters (among others), in the search. How could heen create such a search?

yogas · ‎07-27-2015

Hi somesoni2,
thank you for the answer, this turns out to be quite simple and works great 🙂

gfreitas · ‎07-27-2015

Hi Yogas,

I've done this once using search macros. I've created some searches eg: search01, search02 and search03 and when the user choose the dropdown the value of the dropdown is the search macro name and the dashboard just runs: $search_dropdown$

I also used this to add variables to the search macro and add some variable to the searches.

Hope this can help you!

rey123 · ‎03-26-2019

@gfreitas, would you be able to explain your suggestion with an example? It would be MUCH clearer then for those of us trying to execute the same steps!

How to use a drop-down token to pick different searches to run and populate a chart panel?

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...