CODEWITHSUNDEEP
splunksplunk-querysplunk-dashboard
Sthefania Moreno Reina
Sthefania Moreno Reina

Reputation: 11

conditional token for differents panel depending token input in dashboard Splunk

I'm trying to configure a dashboard Splunk which uses the input from a token to choose the panel with a specific search for each different value of the token.

What I want to do is something like that, I have this input:

 </input>
    <input type="dropdown" token="subtype">
      <label>Subtype</label>
      <default>ha</default>
      <choice value="ha">HA</choice>
      <choice value="vpn">VPN</choice>
      <choice value="system">SYSTEME</choice>
      <initialValue>ha</initialValue>
    </input>

And I would like to create a different panel to show in dashboard depending on the value of the token $subtype$:

if $subtype$=ha
 <**panel 1**>
      <table>
        <search>
          <query>*Query for info HA*</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
if $subtype$=vpn
 <**panel 2**>
      <table>
        <search>
          <query>*Query for info vpn*</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
if $subtype$=system
 <**panel 3**>
      <table>
        <search>
          <query>*Query for info system*</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>

I saw some solutions using drilldown, but i can't find how to do it directly with the token input.

Upvotes: 0

Views: 1618

Answers (1)

RichG
RichG

Reputation: 9926

Set tokens within the <input> element that control which panel should be shown. Each <panel> will have a depends option that displays the panel only if the specified token is set.

<form version="1.1" theme="dark">
  <label>Systeme Fortigate</label>
  <fieldset submitButton="true" autoRun="true">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="subtype">
      <label>Subtype</label>
      <default>ha</default>
      <choice value="ha">HA</choice>
      <choice value="vpn">VPN</choice>
      <choice value="system">SYSTEME</choice>
      <initialValue>ha</initialValue>
      <change>
      <condition value="ha">
        <set token="show_HA_panel">1</set>
        <unset token="show_VPN_panel"/>
        <unset token="show_SYSTEME_panel"/>
      </condition>
      <condition value="vpn">
        <unset token="show_HA_panel"/>
        <set token="show_VPN_panel">1</set>
        <unset token="show_SYSTEME_panel"/>
      </condition>
      <condition value="system">
        <unset token="show_HA_panel"/>
        <unset token="show_VPN_panel"/>
        <set token="show_SYSTEME_panel">1</set>
      </condition>
      </change>
    </input>
    <input type="text" token="search">
      <label>Search</label>
      <default>*</default>
    </input>
  </fieldset>
  <row>
    <panel depends="$show_HA_panel$">
      <table>
        <title>HA Panel</title>
        <search>
          <query>index="fortigate" sourcetype=fortigate_event  subtype="$subtype$" $search$ 
| table  _time, level, action, devname, logdesc, sync_status, sync_type</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="count">50</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
  <row>
    <panel depends="$show_VPN_panel$">
      <table>
        <title>VPN Panel</title>
        <search>
          <query>index="fortigate" sourcetype=fortigate_event  subtype="$subtype$" $search$ 
| table  _time, level, log_action, logdesc, role, status, tunnelname</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="count">50</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
  <row>
    <panel depends="$show_SYSTEME_panel$">
      <table>
        <title>SYSTEME Panel</title>
        <search>
          <query>index="fortigate" sourcetype=fortigate_event  subtype="$subtype$" $search$ 
| table  _time, level, action, object_attrs, user,logdesc, msg</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="count">50</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

Upvotes: 1

Related Questions