Create a simple form search

Use Splunk Manager to create a form
Form tags

Create a simple form search

You create a simple form search much the same way you create a dashboard, as described in "Create a dashboard" earlier in this manual. You can do either of the following:

Use the Splunk Manager to create a form search from a new view
Clone an exiting form search and modify it
Create a form search from an XML file

Note: You cannot create a Form interactively as you can create a dashboard with the Splunk Dashboard Editor.

Refer to "Create a dashboard from an XML file" for information on how to create a form search directly from an XML file. The process is the same.

This section shows how to create a form search using Splunk Manager.

Use Splunk Manager to create a form

1. Go to Manager > User interface > Views.

2. Click New, specify the following, then click Save.:

Destination app Select an app from the dropdown list of all available apps in your Splunk instance.

View name Specify a name for the dashboard. The name you specify becomes a node in the path to the dashboard. Only alphanumeric characters and '-' and '_' can be used.

View XML Specify the Simplified XML to create your dashboard. The following is the minimal XML to create a form search. It specifies a sample search command with a token, uses a text field to specify values for the token, and displays the results in a table:

<form>
  <label>Sample form search</label>
  <searchTemplate>index=sample from="$from$"</searchTemplate>
  <fieldset>
      <input type="text" token="from" />
  </fieldset>
  <row>
      <event>
            <title>Results</title>
            <option name="count">50</option>
      </event>
  </row>
</form>

3. (Optional) Modify permissions.

By default, the form you create from Splunk Manager is private. In the Views page of Splunk manager, click Permissions for your form to specify an app (or all apps) for the dashboard and to set permissions for users of the dashboard.

Form tags

Here is a description of the tags in the previous example that defines a form search.

Tag	Description
<form>	Required to define a form
<label>	Optional, to display a title for the form.
<fieldset>	Required, defines the user input (<input. . .>) for the form. The example above uses a text box.
<row><event>. . .	Required, defines the visualization for the returned values. This example uses an event listing. You can specify any of the panel visualizations, as described in "Adding panels to a dashboard".

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.3/Developer/Step1CreateAForm"

« Forms: An introduction Define inputs to a form »

This documentation applies to the following versions of Splunk: 4.3 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Developing Dashboards, Views, and Apps for Splunk Web

Create a simple form search

Contents

Create a simple form search

Use Splunk Manager to create a form

Form tags

Comments