All Apps and Add-ons

Splunk Dashboard

garimayadav
New Member

Can we create a Splunk dashboard where in result of search query can be post-processed programmatically?

0 Karma

slashnburn
Path Finder

This is absolutely feasible. I would recommend downloading the web framework toolkit to get some background on search managers and the like.

Essentially you will create a search manager for each of your various forms, perform your business logic on myresults.data, then return it back to whatever splunk view you want.

Another good starting point for some background can be found here http://dev.splunk.com/webframework

I should note that you will need access to the server's file system.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

You should be able to use the textbox value added to the Splunk dashboard/form and generate a dynamic search query, run it and display the result. Feasibility of the dynamic query depend on the requirement. Please post the business rule that you want to apply on the value of the text box, people here may be able to give you appropriate help/pointers.

0 Karma

satishsdange
Builder

Could you please give a use cases/example that explains your query in detail.

0 Karma

garimayadav
New Member

We want to create a customised dashboard where in user enters some id and result is displayed in a table below on the same screen. Now, I have following questions:

1) Can we create a text box on dashboard which takes input and then at the backend, we utilize this input ( say "id") to create a search query?
2) Can we use Splunk Java SDK at the back end for writing business logic?
2) Once search query is created using SPlunk Java SDK, we would process the result of query ( apply some business logic) , and then return the processed result back to the UI ( dashboard). Is this feasible?

0 Karma

markthompson
Builder

I believe you are able to set variables with an SDK. http://dev.splunk.com/view/java-sdk/SP-CAAAEPZ

0 Karma

satishsdange
Builder
  1. You can certainly create a form in a dashboard that allows users to provide inputs e.g id, username, email id, time range etc. This can be done in core Splunk. Please refer to below doc link http://docs.splunk.com/Documentation/Splunk/6.2.2/Viz/FormEditor I don't have answer for 2nd & 3rd question. But you can definitely refer to http://dev.splunk.com/java for more information.
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...