All Apps and Add-ons

HTML Module... Sideview... Iterating through an unknown number of results and writing HTML

dennywebb
Path Finder

A much more simple version of this question... but along the same lines. All over the google results for this people keep redirecting the questions with "don't use HTML, use a table module" when that's not what was asked... though the people ARE putting stuff in tables the HTML they're requesting help with, it's really not much of an answer for the next person coming along.

In my case I'm not making a table... but making a table IS a good simple example of what I DO want and a legit answer to those question would have been very helpful.

I have a search that returns a single tabled column. A list. I want that list displayed horizontally, comma separated.

So my search is, for example:
index="smurf_village" | table smurf_name | dedup smurf_name

Which produces:

smurf_name 
-------------------
grumpy
sleepy
clumsy
papa

And what I want is:

<div>The Smurf Names are: grumpy, sleepy, clumsy, papa</div>

And I'm at a standstill because it seems like an impossibility with Splunk to do this in a reasonable way...

Tried some javascript, but you can't enumerate the results that way... is $results[0]$, or any known quantity, really all that it's good for?

sideview
SplunkTrust
SplunkTrust

The best way is to use the search language to join the names together into a single string and then pull it down as a single string.

<module name="PostProcess">
  <param name="search">stats values(smurf_name) as smurf_name | eval smurfs=mvjoin(smurf_name,", ")</param>
  <module name="HTML">
    <param name="html"><![CDATA[
      <div>The Smurf Names are: $results[0].smurfs$</div>
    ]]></param>
  </module>
</module>

I'll take a look back through the other questions to see if I haven't given legitimate answers to any of them. Sorry you feel that way.

sideview
SplunkTrust
SplunkTrust

Well, if you have a number of search results, and you want to iteratively render each of them into its own HTML, the official answer is to use the Sideview Multiplexer module. In the questions that I remember, the questioner ultimately wanted to render a table of the data, and honestly the best advice I can give such a person is to not do that, and use the Table module instead. 😃 I'm happy to help you get familiar with the Multiplexer module, and there is decent documentation as well as a number of working examples in the Sideview Utils docs.

0 Karma

dennywebb
Path Finder

I appreciate the answer, and it will solve my specific problem... but doesn't answer the question about the HTML module and iterating through the results... this is the common theme in all of the similar questions.

0 Karma
Get Updates on the Splunk Community!

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...