Hi Team,
I have the table in my dashboard as below:
Age Approval Name
61 | Approve | Sujata |
29 | Approve | Linus |
33 | Approve | Karina |
56 | Approve | Rama |
Requirement is to update the Approve to Approved once user click on a particular row and the output should like like below:
Age Approval Name
61 | Approved | Sujata |
29 | Approve | Linus |
33 | Approve | Karina |
56 | Approve | Rama |
Hi @Veerendra,
the requirement isn't so easy to solve because Splunk isn't a transactional Database.
Yo have three solutions:
1) use the Splunk Lookup Editor to manually modify the value whitout any control (easy) .
2) create a java script that updates the lookup and a dashboard that uses the JS, (complicated also to describe).
3) create some panels in the dashboard to update the lookup
I describe the third one: in few words, you should:
It's difficoult to give more infos.
Ciao.
Giuseppe
Hi @gcusello
is it possible for you to provide a sample code of what you want me to do in the 3rd scenario.
Hi @Veerendra,
it's a sample that I had to simplify, but you can see the approach:
<form script="run_action.js" theme="light" version="1.1">
<label>Manage All Cases</label>
<fieldset submitButton="false" autoRun="false">
<input type="radio" token="resetTokens" searchWhenChanged="true">
<label/>
<choice value="reset">Reset Inputs</choice>
<choice value="retain">Retain</choice>
<default>reset</default>
<change>
<condition value="reset">
<unset token="_key"/>
<unset token="timestamp"/>
<unset token="alertname"/>
<unset token="description"/>
<unset token="status"/>
<unset token="notes"/>
<unset token="username"/>
<unset token="status_to_update"/>
<unset token="notes_to_update"/>
<unset token="username_to_update"/>
<unset token="status_updated"/>
<unset token="notes_updated"/>
<unset token="username_updated"/>
<unset token="form._key"/>
<unset token="form.timestamp"/>
<unset token="form.alertname"/>
<unset token="form.description"/>
<unset token="form.status"/>
<unset token="form.notes"/>
<unset token="form.user"/>
<unset token="form.status_to_update"/>
<unset token="form.notes_to_update"/>
<unset token="form.username_to_update"/>
<unset token="form.status_updated"/>
<unset token="form.notes_updated"/>
<unset token="form.username_updated"/>
<set token="resetTokens">retain</set>
<set token="form.resetTokens">retain</set>
</condition>
</change>
</input>
</fieldset>
<row>
<panel>
<input type="dropdown" token="User_Name">
<label>User Name</label>
<choice value="*" OR NOT User_Name="*">All</choice>
<prefix>User_Name="</prefix>
<suffix>"</suffix>
<fieldForLabel>User_Name</fieldForLabel>
<fieldForValue>User_Name</fieldForValue>
<search>
<query>
| inputlookup open_cases
| dedup User_Name
| sort User_Name
| table User_Name
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<default>*" OR NOT User_Name="*</default>
</input>
<input type="dropdown" token="Status">
<label>Status</label>
<choice value="*">All</choice>
<prefix>Status="</prefix>
<suffix>"</suffix>
<fieldForLabel>Status</fieldForLabel>
<fieldForValue>Status</fieldForValue>
<search>
<query>
| inputlookup open_cases WHERE Status!="Escalation"
| dedup Status
| sort Status
| table Status
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<default>*</default>
</input>
<input type="dropdown" token="Alert_Name">
<label>Alert Name</label>
<choice value="*">All</choice>
<prefix>Alert_Name="</prefix>
<suffix>"</suffix>
<fieldForLabel>Alert_Name</fieldForLabel>
<fieldForValue>Alert_Name</fieldForValue>
<search>
<query>
| inputlookup open_cases
| dedup Alert_Name
| sort Alert_Name
| table Alert_Name
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<default>*</default>
</input>
<table id="master">
<title>Total All Cases = $server_count$</title>
<search>
<query>
| inputlookup open_cases WHERE $User_Name$ $Status$ $Alert_Name$ Status!="Escalation"
| eval Time=strftime(TimeStamp,"%d/%m/%Y %H:%M:%S"), key=_key
| table key Time Alert_Name Description Status Notes User_Name TimeStamp
</query>
<!--<earliest>$Time.earliest$</earliest>
<latest>$Time.latest$</latest>-->
<sampleRatio>1</sampleRatio>
<progress>
<set token="server_count">$job.resultCount$</set>
</progress>
<cancelled>
<unset token="server_count"/>
</cancelled>
</search>
<option name="count">10</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
<fields>["_key","Time","Alert_Name","Description","Status","Notes","User_Name"]</fields>
<drilldown>
<set token="key">$row.key$</set>
<set token="timestamp">$row.TimeStamp$</set>
<set token="alertname">$row.Alert_Name$</set>
<set token="description">$row.Description$</set>
<set token="status">$row.Status$</set>
<set token="notes">$row.Notes$</set>
<set token="username">$row.User_Name$</set>
</drilldown>
</table>
</panel>
</row>
<row>
<panel>
<title>Modify Row</title>
<input type="dropdown" token="status_to_update">
<label>Status</label>
<default>$status$</default>
<search>
<query/>
</search>
<choice value="Closed">Closed</choice>
<choice value="Work-in-progress">Work-in-progress</choice>
<choice value="Escalation">Escalation</choice>
<choice value="Stand-By">Stand-By</choice>
</input>
<input type="text" token="notes_to_update">
<label>Add Notes</label>
<default>$notes$</default>
</input>
<table id="detail" depends="$key$">
<title>Row to modify</title>
<search>
<query>
| makeresults 1
| eval key="$key$", TimeStamp="$timestamp$", Alert_Name="$alertname$", Description="$description$", Status="$status_to_update$", Notes="$notes_to_update$", Time=strftime($timestamp$,"%d/%m/%Y %H:%M:%S"), User_Name="$username$"
| table key Time TimeStamp Alert_Name Description Status Notes User_Name
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<fields>_key,Time,Alert_Name,Description,Status,Notes,User_Name</fields>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
<drilldown>
<set token="status_updated">$row.Status$</set>
<set token="notes_updated">$row.Notes$</set>
<set token="username_updated">$row.User_Name$</set>
</drilldown>
</table>
</panel>
</row>
<row>
<panel>
<table id="detail2" depends="$status_to_update$">
<title>Modified Lookup row</title>
<search>
<query>
| inputlookup open_cases
| eval
Status=if(_key="$key$","$status_updated$",Status),
Notes=if(_key="$key$","$notes_updated$",Notes),
User_Name=if(_key="$key$","$username_updated$",User_Name)
| search _key="$key$"
| outputlookup open_cases append=true
| eval key=_key
| eval Time=strftime(TimeStamp,"%d/%m/%Y %H:%M:%S"), key=_key
| table key Time TimeStamp Alert_Name Description Status Notes User_Name
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<fields>_key,Time,Alert_Name,Description,Status,Notes,User_Name</fields>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
</form>
My use case was more complicated that you because I had to manually modify some fields, in your use case you can automaticall update the values.
I hope that this can help.
Ciao.
Giuseppe
@gcusello Thanks for the sample code,
I would like to ask can we do the same in single panel.
where we click the record and it will be updated in the same panel?
Hi @Veerendra ,
no, the solution to have all in one panel is to use a JS, this is a workaround that I created to avoid to use JS.
Ciao.
Giuseppe
Okey Thank you, and what is this _key that you have used?
Hi @gcusello
could you please send me the lookup file you are using
Hi @Veerendra,
the lookup isn't relevant, it depends on the fields you have.
You have to adapt the code I sent to your lookup, nt the lookup to the code.
Ciao.
Giuseppe