Since we defined submitButton to no/false, the base search runs automatically as autoRun=true is implied. Hi all, thanks a lot for all of your help.įixed the base search issue after adding the time token. Index=application host=".hk" sourcetype=access_combined POST OR GET status+)/"įor this reason it's so slow, because it searches on all the time!įor more infos about inputs see in the Splunk Dashboard Examples App ( ) how to populate a dropdown and how to use it. The initial part the time borders in the base search are missing: Index=application host=".hk" sourcetype=access_combined (POST OR GET) status+)/" Total access for department $d_name$ between $fromDate$ and $toDate$įields deptcode useragent | search deptcode=$d_name$ |stats count fields deptcode useragent | search deptcode=$d_name$ | rename useragent as http_user_agent | lookup user_agents http_user_agent |stats count by ua_family fields deptcode useragent | search deptcode=$d_name$ | rename useragent as http_user_agent | lookup user_agents http_user_agent | timechart count by ua_family usenull=f useother=f Time distribution of browser for department $d_name$ fields deptcode useragent| search deptcode=$d_name$ | timechart count WWW statistics (department, browser a departmentįields deptcode | stats count by deptcode We tried to use full search instead of base search, the app works as expected. The search picks the default value in drop down list. The searches in panel start to run when the page is loaded even before any user input. Then shows "Search produced no results" at end. for long time (usually the same search returns within 1 minute). The drop down list keeps showing Populating. We think the app will not do anything except populating the drop down list, until user select both time range and choice in the drop down list. We wrote a testing app based on sample here, with a time picker and a drop down list which is populated from the base search. We're newbie to Splunk app development and using Splunk 7.3.5.
0 Comments
Leave a Reply. |