On one condition...
I have found that I love creating xml code and seeing all the different capabilities it has within Splunk. While at a client recently, the client wanted to have two separate sets of dashboard inputs on one dashboard. To accomplish this, I turned to some more complex features of simple xml by creating what “appears” to be two separate dashboards; however, it’s actually just one. In creating this, my main focus areas were using “tokens” and “depends”.
I started with my Universal Input of Linux or Windows. This will be what my user sees when the dashboard initially loads.
<fieldset submitButton="true" autoRun="false">
<!-- Begin Universal inputs -->
<input type="radio" token="resource">
<label>Resource Type</label>
<choice value="linux”>Linux</choice>
<choice value="windows">Windows</choice>
<change>
<condition label="Linux">
<set token="anySelected">true</set>
<set token="linuxSelected">true</set>
<unset token="windowsSelected"></unset>
</condition>
<condition label="Windows">
<set token="anySelected">true</set>
<set token="windowsSelected">true</set>
<unset token="linuxSelected"></unset>
</condition>
</change>
</input>
This code uses “conditions” to determine which of my form inputs will appear; and ultimately, which dashboard loads. I chose to utilize a radio input with Linux or Windows as my options. These tokens (“anySelected”, “linuxSelected”, and “windowsSelected”) will generate the appropriate inputs by using “depends”.
I then organized my xml by which resource the input would be associated with. After deciding the input type and token, I include “depends=”$linuxSelected$” if I would like to see this input generated with my Linux dashboard.
<!-- Begin Linux inputs -->
<input type="radio" token="calcmode1" searchWhenChanged="false" depends="$linuxSelected$">
<label>Calculation Mode</label>
<choice value="| bin _time span=1d | stats avg(value) as Average by host">Average</choice>
<choice value="| bin _time span=1h | stats max(value) as hourlyMax by host,_time | bin _time span=1d | stats avg(hourlyMax) as Average by host,_time">HighWater</choice>
<default>Average</default>
</input>
<input type="text" token="servername" depends="$linuxSelected$">
<label>Server Name</label>
<choice value="*">All</choice>
</input>
<!-- Begin Windows inputs -->
<input type="radio" token="calcmode" searchWhenChanged="false" depends="$windowsSelected$">
<label>Calculation Mode</label>
<choice value="average">Average</choice>
<choice value="highwater">HighWater</choice>
<default>Average</default>
</input>
<input type="dropdown" token="serverstatus" depends="$windowsSelected$">
<label>Server Status:</label>
<default>All</default>
<choice value="*">All</choice>
<choice value="QA">QA</choice>
<choice value="Development">Development</choice>
<choice value="Production">Production</choice>
</input>
I also have a time picker that I would like to use in both of my dashboards. To have my time picker appear on both dashboards, my “depends” will be “$anySelected$”.
<input type="time" searchWhenChanged="false" depends="$anySelected$">
<label>Time</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
Here is how my final two dashboard inputs generated.
If Linux is selected:
If Windows is selected:
Now your inputs are ready and your dashboard searches can be built! Just ensure tokens are passed down into your searches where they are needed. Beware: this can get very messy depending on how many dashboard options you’d like, as well as the number of searches and inputs you have.
For more information on using conditions, depends and tokens in your Splunk xml, visit: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens
Happy Splunking!
- Log in to post comments
Function1, Inc. Copyright 2024. All Rights Reserved