Dashboards & Visualizations
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Add a column with comments in the table and update it accourding to drop down

deepthi5
Path Finder
‎08-01-2024 05:19 AM

Hello All,

I have a dashboard for vulnerability tracking but i would like to add some custom changes for example 

Vuln_numberdv_risk_ratingdv_assignment_groupshort_description
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on ics028159223
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on 

 

I need a table with comments in the status column ( The comments are static either there is no action or i have to fix in next release or exception ) so only 3 Can i give that as a dropdown and then select that Vulnerability and assign status from drop down Status

 

Status_dropdown

No Action

Fix in next release

Exception Raised

 

 

dv_numberdv_risk_ratingdv_assignment_groupshort_descriptionstatus
VIT96623682 - HighXYZR7-msft-cve-2024-38077 detected on No action
VIT96623662 - HighXYZR7-msft-cve-2024-38074 detected on Fix in next release 
VIT96623672 - HighXYZR7-msft-cve-2024-38076 detected on Exception Raised
VIT96622652 - HighXYZR7-msft-cve-2024-38077 detected on Fix in next release 
VIT96622602 - HighXYZR7-msft-cve-2024-38074 detected on No action
Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-01-2024 06:04 AM

But this "comment" should be saved somehow or what? Where would it come from?

0 Karma
Reply

deepthi5
Path Finder
‎08-01-2024 07:06 AM

yes the comment should be saved 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-01-2024 05:36 AM

Hi @deepthi5 ,

you have to create a lookup containing all the rows from your search,

then in a dashboard you must have two panels:

the first that list all the rows of your lookup, then choosing one row to update, using a dropdown input you can update that row in the lookup.

remember to use a kv-store and not a csv lookup.

It isn't so easy, but the process is the one I described.

here you can find a sample for a similar request I shared some months ago: https://community.splunk.com/t5/Dashboards-Visualizations/Dynamically-Update-a-lookup-file-on-click-... 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...

Enterprise Security Content Update (ESCU) | New Releases

In March, the Splunk Threat Research Team had 2 releases of security content via the Enterprise Security ...
Top