Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Add a column with comments in the table and update it accourding to drop down

deepthi5
Path Finder
‎08-01-2024 05:19 AM

Hello All,

I have a dashboard for vulnerability tracking but i would like to add some custom changes for example 

Vuln_numberdv_risk_ratingdv_assignment_groupshort_description
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on ics028159223
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on 

 

I need a table with comments in the status column ( The comments are static either there is no action or i have to fix in next release or exception ) so only 3 Can i give that as a dropdown and then select that Vulnerability and assign status from drop down Status

 

Status_dropdown

No Action

Fix in next release

Exception Raised

 

 

dv_numberdv_risk_ratingdv_assignment_groupshort_descriptionstatus
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on No action
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on Fix in next release 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on Exception Raised
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on Fix in next release 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on No action
Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-01-2024 06:04 AM

But this "comment" should be saved somehow or what? Where would it come from?

0 Karma
Reply

deepthi5
Path Finder
‎08-01-2024 07:06 AM

yes the comment should be saved 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-01-2024 05:36 AM

Hi @deepthi5 ,

you have to create a lookup containing all the rows from your search,

then in a dashboard you must have two panels:

the first that list all the rows of your lookup, then choosing one row to update, using a dropdown input you can update that row in the lookup.

remember to use a kv-store and not a csv lookup.

It isn't so easy, but the process is the one I described.

here you can find a sample for a similar request I shared some months ago: https://community.splunk.com/t5/Dashboards-Visualizations/Dynamically-Update-a-lookup-file-on-click-... 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...