Databases Reference
In-Depth Information
•
<param name="search">error | top user</param>
: The actual query
to run.
•
<module name="SimpleResultsTable"></module>
: This module simply
displays a table of the events produced by a parent module. Since there are
no
param
tags specified, the defaults for this module will be used.
•
</module>
: Close the
HiddenSearch
module. This is required for valid XML,
but it also implies that the scope of influence for this module is closed. To
reiterate, only the downstream modules of the
HiddenSearch
module will
receive the events it produces.
•
</view>
: Close the document.
This is a very simple dashboard. It lacks navigation, form elements, job status,
and drilldowns. Adding all of these things is initially somewhat complicated
to understand. Luckily, you can build a dashboard in simple XML, convert it
to advanced XML, and then modify the provided XML as needed.
Converting simple XML to advanced XML
Let's go back to one of the dashboards we created in
Chapter 4
,
Simple XML
Dashboards
,
errors_user_form
. We built this before our app, so it still lives in the
Search app. In my instance, th
is URL is
http://mysplunkserver:8000/en-US/app/
search/errors
_user_form
.
Just to refresh, the simple XML behind this dashboard looks like:
<?xml version='1.0' encoding='utf-8'?>
<form>
<fieldset>
<input type="text" token="user">
<label>User</label>
</input>
<input type="time" />
</fieldset>
<label>Errors User Form</label>
<row>
<chart>
<searchString>
sourcetype="impl_splunk_gen" loglevel=error user="$user$"
| timechart count as "Error count" by network
Search WWH ::
Custom Search