Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Add a column with comments in the table and update it accourding to drop down

deepthi5
Path Finder
‎08-01-2024 05:19 AM

Hello All,

I have a dashboard for vulnerability tracking but i would like to add some custom changes for example 

Vuln_numberdv_risk_ratingdv_assignment_groupshort_description
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on ics028159223
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on 

 

I need a table with comments in the status column ( The comments are static either there is no action or i have to fix in next release or exception ) so only 3 Can i give that as a dropdown and then select that Vulnerability and assign status from drop down Status

 

Status_dropdown

No Action

Fix in next release

Exception Raised

 

 

dv_numberdv_risk_ratingdv_assignment_groupshort_descriptionstatus
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on No action
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on Fix in next release 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on Exception Raised
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on Fix in next release 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on No action
Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-01-2024 06:04 AM

But this "comment" should be saved somehow or what? Where would it come from?

0 Karma
Reply

deepthi5
Path Finder
‎08-01-2024 07:06 AM

yes the comment should be saved 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-01-2024 05:36 AM

Hi @deepthi5 ,

you have to create a lookup containing all the rows from your search,

then in a dashboard you must have two panels:

the first that list all the rows of your lookup, then choosing one row to update, using a dropdown input you can update that row in the lookup.

remember to use a kv-store and not a csv lookup.

It isn't so easy, but the process is the one I described.

here you can find a sample for a similar request I shared some months ago: https://community.splunk.com/t5/Dashboards-Visualizations/Dynamically-Update-a-lookup-file-on-click-... 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...