The searches in the form reference the tokens to indicate which time input to use. However if you add additional time inputs to a form, specify a token for each time input. The time input drives the data for all searches in the form. If you add a single time input, a token for the time input is not necessary. You can add one or more time inputs to a form. Index = _internal sourcetype=$sourcetype_tok$ It also defines the choices for the dropdown. The search accesses the value for the token using the ' $.$' as a delimiter for the token value.įor example, the following code snippet defines a dropdown that uses the sourcetype_tok token to represent the selection by the user. A search in the form uses the tokens to specify the values to use in the search. The user input to a form defines tokens for the selected values of the input. See Token usage in dashboards for details on token implementation. The examples show how to use tokens to pass values in forms. ![]() Refer to the Splunk Dashboard Examples app for additional examples that use more robust source data. This topic contains basic examples that show how to create forms. The results can be displayed in tables, event listings, or any of the visualizations available to dashboards. A form shields users from the details of the underlying search – it allows users to focus only on the terms for which they are searching and the results. ![]() A form is similar to a dashboard, but provides an interface for users to supply values to one or more search terms, typically using text boxes, dropdown menus, or radio buttons.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |