Dashboards & Visualizations

Dashboard form to create a new event type

Path Finder

Hello all,

I have a dashboard that contains a panel with 'Statistics Table' visualization of search results.
I use that type of visualization to have a list of 10 single-line records per page.
I don't like the 'Events' view due to its size, my events contain large fields so it would result in huge rows which is not very convenient for users to view.
I also have a couple of panels with the selected event details.

What I want is to have an option to create an event type based on some fields from my search results right in the dashboard or in a separate window opened from the dashboard.

I know I can add a panel with the 'Events' view which will have a button with workflow actions under the event row but it will not look suitable there and besides, I think I don't have control over the displayed fields.

If only I could have a button which would collect data from input components and create a new event type, or at least a drilldown action for any visual object which would result into opening an event type builder window, then it would be great.

Does anyone have any suggestions on this?

Thank you.

0 Karma

SplunkTrust
SplunkTrust

Hi @sbarinov,

Try this , you need change the splunk search url

<dashboard>
  <row>
    <panel>
      <table>
        <search>
          <query>index=_internal</query>
          <earliest>-5m@m</earliest>
          <latest>now</latest>
          <done>
            <eval token="SID">$job.sid$</eval>
          </done>
        </search>
        <option name="count">10</option>
        <option name="drilldown">cell</option>
        <drilldown>
          <link target="_blank">http://localhost:8000/en-US/etb?sid=$SID$&amp;offset=0&amp;namespace=search</link>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>

Path Finder

Thank you.
It would be nice to have an option to replace the generated 'Event type search' field but I guess there is no way to do that.

0 Karma

SplunkTrust
SplunkTrust

Thats a splunk generated message.

0 Karma

Path Finder

I realized that I can create a drilldown to /manager/search/saved/eventtypes/_new?ns=search&action=edit
But I can't transfer any data from my search results to the form fields.
This will be my last resort in case if there is no other options.

0 Karma