Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Add a column with comments in the table and update it accourding to drop down

deepthi5
Path Finder
‎08-01-2024 05:19 AM

Hello All,

I have a dashboard for vulnerability tracking but i would like to add some custom changes for example 

Vuln_numberdv_risk_ratingdv_assignment_groupshort_description
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on ics028159223
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on 

 

I need a table with comments in the status column ( The comments are static either there is no action or i have to fix in next release or exception ) so only 3 Can i give that as a dropdown and then select that Vulnerability and assign status from drop down Status

 

Status_dropdown

No Action

Fix in next release

Exception Raised

 

 

dv_numberdv_risk_ratingdv_assignment_groupshort_descriptionstatus
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on No action
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on Fix in next release 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on Exception Raised
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on Fix in next release 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on No action
Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-01-2024 06:04 AM

But this "comment" should be saved somehow or what? Where would it come from?

0 Karma
Reply

deepthi5
Path Finder
‎08-01-2024 07:06 AM

yes the comment should be saved 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-01-2024 05:36 AM

Hi @deepthi5 ,

you have to create a lookup containing all the rows from your search,

then in a dashboard you must have two panels:

the first that list all the rows of your lookup, then choosing one row to update, using a dropdown input you can update that row in the lookup.

remember to use a kv-store and not a csv lookup.

It isn't so easy, but the process is the one I described.

here you can find a sample for a similar request I shared some months ago: https://community.splunk.com/t5/Dashboards-Visualizations/Dynamically-Update-a-lookup-file-on-click-... 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...