Dashboards & Visualizations

How I can write several lines in a csv through a dashboard

mah
Builder

Hi 

I have 2 problems on my dashboard which is like that : 

mah_0-1608730005593.png

The goal of this dashboard is that a user can create maintenance windows. He must enter several values ​​present at the input level and submit send everything in the csv using the "submit" button.


First problem: the "submit" button must be included in the panel because I have another panel on the same dashboard with the same principle but for the removal of the maintenance window. However splunk has a limit with the "submit" button which natively cannot be included in a panel ... So I looked and found this use case (https://community.splunk.com/t5/Dashboards-Visualizations/Submit-button-per-panel-in-Simple-XML/m-p/...) which gives a .js script but after applying it in my app, I find that it does not work.

Actually I don't know how to make the button.js works ... (the button.js has got the code find in the below link)

Here is my xml : 

<form script="button.js,multiselect_force_default.js">
<label>Maintenance Windows</label>
<row>
<panel>
<title>Create Maintenance Windows</title>
<input type="multiselect" token="application_tok" searchWhenChanged="true">
<label>Application</label>
<choice value="*">ANY</choice>
<default>*</default>
<fieldForLabel>app</fieldForLabel>
<fieldForValue>app</fieldForValue>
<search>
<query>index=AAA sourcetype="BBB"
| table tags{}.key
| rex field=tags{}.key "\[env\]\:(?&lt;env&gt;\S+)|\[app\]\:(?&lt;app&gt;\S+)"
| fields app
| dedup app
| sort app</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<delimiter></delimiter>
</input>
<input type="multiselect" token="environment_tok" searchWhenChanged="true">
<label>Environment</label>
<choice value="*">ANY</choice>
<default>*</default>
<fieldForLabel>env</fieldForLabel>
<fieldForValue>env</fieldForValue>
<search>
<query>index=AAA sourcetype="BBB"
| table tags{}.key
| rex field=tags{}.key "\[env\]\:(?&lt;env&gt;\S+)|\[app\]\:(?&lt;app&gt;\S+)"
| search env!=""
| fields env
| dedup env
| sort env</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<delimiter> </delimiter>
</input>
<input type="text" token="start" searchWhenChanged="false">
<label>Start Time (yyyy-mm-dd HH:MM)</label>
</input>
<input type="text" token="end" searchWhenChanged="false">
<label>End Time (yyyy-mm-dd HH:MM)</label>
</input>
<html>
<input type="button" value="submit" />
</html>
<table>
<search>
<query>| makeresults
| eval dummy="true"
| fields - dummy
| eval Application="$application_tok$", Environment="$environment_tok$", Start="$start$", End="$end$"
| fields - _time
| table Application Environment Start End
| outputlookup create_maintenance.csv</query>
<earliest>0</earliest>
<latest></latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>

Second problem: I cannot enter multiple lines in the csv : here is the query : 

| makeresults
| eval dummy="true"
| fields - dummy
| eval Application="$application_tok$", Environment="$environment_tok$", Start="$start$", End="$end$"
| fields - _time
| table Application Environment Start End
| outputlookup create_maintenance.csv

Can you help me please ? 

Labels (1)
Tags (1)
0 Karma

to4kawa
Ultra Champion

For second problem:

 

<form>
  <label>multi dynamic select</label>
  <search id="base_csv">
    <query>| inputlookup geo_attr_us_states.csv
| rex field=state_name "(?&lt;Capital&gt;\w)"
</query>
    <earliest>0</earliest>
    <latest></latest>
  </search>
  <fieldset submitButton="false">
    <input type="dropdown" token="field1">
      <label>field1</label>
      <fieldForLabel>Capital_string</fieldForLabel>
      <fieldForValue>Capital</fieldForValue>
      <search base="base_csv">
        <query>| stats values(Capital) as Capital |mvexpand Capital | eval Capital_string=Capital</query>
      </search>
      <change>
        <condition>
          <unset token="field3"></unset>
        </condition>
      </change>
    </input>
    <input type="multiselect" token="field3" searchWhenChanged="true">
      <label>field3</label>
      <search base="base_csv">
        <query>| search Capital="$field1$"
| table state_code
| eval state_code_name=state_code</query>
      </search>
      <valuePrefix>"</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <delimiter>,</delimiter>
      <fieldForLabel>state_code_name</fieldForLabel>
      <fieldForValue>state_code</fieldForValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search base="base_csv">
          <query>| search state_code IN ($field3$)</query>
        </search>
      </table>
    </panel>
  </row>
</form>

 

check field3 token.

0 Karma

mah
Builder

Hi @to4kawa 

Ok I understand the tips, but your solution facing the same problem : I want to append all lines I selected with inputs. Your solution, as mine, shows only one line at a time. 

And for the firs issue : how cans I add the submit button in the panel based on your code ?  

Thanks a lot !

0 Karma
Get Updates on the Splunk Community!

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...