O'Reilly logo

Implementing Splunk - Second Edition by James D Miller, Vincent Bumgarner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Building forms

Forms allow you to make a template that needs one or more pieces of information supplied to run. You can build these directly using raw XML, but I find it simpler to build a simple dashboard and then modify the XML accordingly. The other option is to copy an existing dashboard and modify it to meet your needs. We will touch on a simple use case in the following section.

Creating a form from a dashboard

First, let's think of a use case that we might be able to use with our previous example. How about a form that tells us about the forecast events for a particular year? Let's start with our previous search example:

sourcetype="*" Forecast | timechart count as "Forecast Events" by date_month

Since we have already created a dashboard from ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required