I have a dashboard where I have a timer input (time_duration_token),drop down 1 (DD1 - service_name_token) depends on timer input, multi-select drop down 2 (DD2 - http_uri_multiselect_token) depends on DD1 (service_name_token).
Once all the input is provided, user hits on "Submit" button and the resulting chart should be displayed.
All of this works well as long as separate search queries are used in each one of them. Once the timer changes, DD1 is searched and values are displayed. Once DD1 is selected, DD2 search starts, and corresponding values are displayed. All goes well.
Here's a working example:
<label>Technical - HTTP Metrics</label>
<fieldset submitButton="true" autoRun="false">
<input type="time" token="time_duration_token" searchWhenChanged="false">
<label>Select a time range</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="service_name_token" searchWhenChanged="false">
<label>Select microservice</label>
<fieldForLabel>source</fieldForLabel>
<fieldForValue>source</fieldForValue>
<search>
<query>
index="cloud_world" | spath source | search event.logger="*CustomLoggingMeterRegistry*" | rex field=event.message "(?<metric_name>[a-z.]+)" | search metric_name="http.server.requests" | dedup source
</query>
<earliest>$time_duration_token.earliest$</earliest>
<latest>$time_duration_token.latest$</latest>
</search>
</input>
<input type="multiselect" token="http_uri_multiselect_token" searchWhenChanged="false">
<label>Select URI</label>
<fieldForLabel>http_uri</fieldForLabel>
<fieldForValue>http_uri</fieldForValue>
<search>
<query>
index="cloud_world" | spath source
| search source=$service_name_token|s$ event.logger="*CustomLoggingMeterRegistry*"
| rex field=event.message "(?<metric_name>.*){.*,status=(?<http_status>[\d]{3}),uri=(?<http_uri>.*)}.*mean=(?<mean_time>[\d.]+)s\smax=(?<max_time>[\d.]+)"
| search metric_name="http.server.requests"
| top http_uri
</query>
<earliest>$time_duration_token.earliest$</earliest>
<latest>$time_duration_token.latest$</latest>
</search>
<delimiter>,</delimiter>
<valueSuffix>"</valueSuffix>
<valuePrefix>"</valuePrefix>
</input>
<input type="checkbox" token="http_status_token">
<label>Select HTTP status</label>
<choice value=""200", "201"">2xx</choice>
<choice value=""400", "401"">4xx</choice>
<delimiter> </delimiter>
</input>
</fieldset>
<row>
<panel>
<title>Mean time by URI</title>
<chart>
<title>Mean time</title>
<search>
<query>
index="cloud_world" | spath source
| search source=$service_name_token|s$ event.logger="*CustomLoggingMeterRegistry*"
| rex field=event.message "(?<metric_name>.*){.*,status=(?<http_status>[\d]{3}),uri=(?<http_uri>.*)}.*mean=(?<mean_time>[\d.]+)s\smax=(?<max_time>[\d.]+)"
| search metric_name="http.server.requests"
| where http_uri in($http_uri_multiselect_token$) AND http_status in($http_status_token$)
| chart max(mean_time) over _time by http_uri usenull=f useother=false
</query>
</search>
<option name="charting.axisTitleX.text">Time</option>
<option name="charting.axisTitleX.visibility">collapsed</option>
<option name="charting.axisTitleY.text">Time (in ms)</option>
<option name="charting.axisTitleY.visibility">collapsed</option>
<option name="charting.axisTitleY2.visibility">collapsed</option>
<option name="charting.chart">line</option>
<option name="charting.chart.nullValueMode">connect</option>
<option name="charting.chart.showDataLabels">minmax</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.placement">none</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">1</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
</form>
Since the searches are very similar, I decided to use base search, and that is what broke the cascading search. Here's an example that does not work:
<form version="1.1" theme="light">
<label>Technical - HTTP Metrics</label>
<search id="httpMetricsBaseSearch">
<query>
index="cloud_world"
| spath source
| search event.logger="*CustomLoggingMeterRegistry*"
| rex field=event.message "(?<metric_name>[a-z.]+){(?<metric_dimensions>.*)}\s(?<metric_measurements>.*)"
| search metric_name="http.server.requests"
| rex field=metric_dimensions "status=(?<http_status>[\d]{3}),uri=(?<http_uri>.*)"
| rex field=metric_measurements "mean=(?<mean_time>[\d.]+)s\smax=(?<max_time>[\d.]+)"
| table source, http_uri, http_status, max_time, mean_time, _time
</query>
<earliest>$time_duration_token.earliest$</earliest>
<latest>$time_duration_token.latest$</latest>
</search>
<fieldset submitButton="true" autoRun="false">
<input type="time" token="time_duration_token" searchWhenChanged="false">
<label>Select a time range</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="service_name_token" searchWhenChanged="false">
<label>Select microservice</label>
<fieldForLabel>source</fieldForLabel>
<fieldForValue>source</fieldForValue>
<search base="httpMetricsBaseSearch">
<query>
| dedup source
</query>
</search>
</input>
<input type="multiselect" token="http_uri_multiselect_token" searchWhenChanged="false">
<label>Select URI</label>
<fieldForLabel>http_uri</fieldForLabel>
<fieldForValue>http_uri</fieldForValue>
<search base="httpMetricsBaseSearch">
<query>
| where source=$service_name_token|s$ | dedup http_uri
</query>
</search>
<delimiter>,</delimiter>
<valueSuffix>"</valueSuffix>
<valuePrefix>"</valuePrefix>
</input>
<input type="checkbox" token="http_status_token">
<label>Select HTTP status</label>
<choice value=""200", "201"">2xx</choice>
<choice value=""400", "401"">4xx</choice>
<delimiter> </delimiter>
</input>
</fieldset>
</form>
In above form, if I change time, it does not automatically trigger DD1(service_name_token) search, which was the case in the first example where separate searches are used.
Is there a way to fix this, may be using dummy tokens, hidden tokens etc. ?
Please note that I only want user to hit submit button, when he/she has filled in all the input fields.