Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Add a column with comments in the table and update it accourding to drop down

deepthi5
Path Finder
‎08-01-2024 05:19 AM

Hello All,

I have a dashboard for vulnerability tracking but i would like to add some custom changes for example 

Vuln_numberdv_risk_ratingdv_assignment_groupshort_description
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on ics028159223
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on 

 

I need a table with comments in the status column ( The comments are static either there is no action or i have to fix in next release or exception ) so only 3 Can i give that as a dropdown and then select that Vulnerability and assign status from drop down Status

 

Status_dropdown

No Action

Fix in next release

Exception Raised

 

 

dv_numberdv_risk_ratingdv_assignment_groupshort_descriptionstatus
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on No action
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on Fix in next release 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on Exception Raised
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on Fix in next release 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on No action
Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-01-2024 06:04 AM

But this "comment" should be saved somehow or what? Where would it come from?

0 Karma
Reply

deepthi5
Path Finder
‎08-01-2024 07:06 AM

yes the comment should be saved 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-01-2024 05:36 AM

Hi @deepthi5 ,

you have to create a lookup containing all the rows from your search,

then in a dashboard you must have two panels:

the first that list all the rows of your lookup, then choosing one row to update, using a dropdown input you can update that row in the lookup.

remember to use a kv-store and not a csv lookup.

It isn't so easy, but the process is the one I described.

here you can find a sample for a similar request I shared some months ago: https://community.splunk.com/t5/Dashboards-Visualizations/Dynamically-Update-a-lookup-file-on-click-... 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...