Dashboards & Visualizations

How can I write several lines in a CSV through a dashboard?

mah
Builder

Hi 

I have 2 problems with my dashboard, which looks like this:

[screenshot: mah_0-1608730005593.png]

The goal of this dashboard is that a user can create maintenance windows. He must enter several values in the inputs and send everything to the CSV using the "submit" button.


First problem: the "submit" button must be included in the panel, because I have another panel on the same dashboard with the same principle but for the removal of the maintenance window. However, Splunk has a limit with the "submit" button, which natively cannot be included in a panel ... So I looked and found this use case (https://community.splunk.com/t5/Dashboards-Visualizations/Submit-button-per-panel-in-Simple-XML/m-p/...) which gives a .js script, but after applying it in my app, I find that it does not work.

Actually, I don't know how to make button.js work ... (button.js contains the code found in the link below)

Here is my XML:

<form script="button.js,multiselect_force_default.js">
  <label>Maintenance Windows</label>
  <row>
    <panel>
      <title>Create Maintenance Windows</title>
      <input type="multiselect" token="application_tok" searchWhenChanged="true">
        <label>Application</label>
        <choice value="*">ANY</choice>
        <default>*</default>
        <fieldForLabel>app</fieldForLabel>
        <fieldForValue>app</fieldForValue>
        <search>
          <query>index=AAA sourcetype="BBB"
| table tags{}.key
| rex field=tags{}.key "\[env\]\:(?&lt;env&gt;\S+)|\[app\]\:(?&lt;app&gt;\S+)"
| fields app
| dedup app
| sort app</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <delimiter></delimiter>
      </input>
      <input type="multiselect" token="environment_tok" searchWhenChanged="true">
        <label>Environment</label>
        <choice value="*">ANY</choice>
        <default>*</default>
        <fieldForLabel>env</fieldForLabel>
        <fieldForValue>env</fieldForValue>
        <search>
          <query>index=AAA sourcetype="BBB"
| table tags{}.key
| rex field=tags{}.key "\[env\]\:(?&lt;env&gt;\S+)|\[app\]\:(?&lt;app&gt;\S+)"
| search env!=""
| fields env
| dedup env
| sort env</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <delimiter> </delimiter>
      </input>
      <input type="text" token="start" searchWhenChanged="false">
        <label>Start Time (yyyy-mm-dd HH:MM)</label>
      </input>
      <input type="text" token="end" searchWhenChanged="false">
        <label>End Time (yyyy-mm-dd HH:MM)</label>
      </input>
      <html>
        <input type="button" value="submit" />
      </html>
      <table>
        <search>
          <query>| makeresults
| eval dummy="true"
| fields - dummy
| eval Application="$application_tok$", Environment="$environment_tok$", Start="$start$", End="$end$"
| fields - _time
| table Application Environment Start End
| outputlookup create_maintenance.csv</query>
          <earliest>0</earliest>
          <latest></latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">100</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>

Second problem: I cannot enter multiple lines in the CSV. Here is the query:

| makeresults
| eval dummy="true"
| fields - dummy
| eval Application="$application_tok$", Environment="$environment_tok$", Start="$start$", End="$end$"
| fields - _time
| table Application Environment Start End
| outputlookup create_maintenance.csv

Can you help me, please?

0 Karma

to4kawa
Ultra Champion

For the second problem:

 

<form>
  <label>multi dynamic select</label>
  <search id="base_csv">
    <query>| inputlookup geo_attr_us_states.csv
| rex field=state_name "(?&lt;Capital&gt;\w)"
</query>
    <earliest>0</earliest>
    <latest></latest>
  </search>
  <fieldset submitButton="false">
    <input type="dropdown" token="field1">
      <label>field1</label>
      <fieldForLabel>Capital_string</fieldForLabel>
      <fieldForValue>Capital</fieldForValue>
      <search base="base_csv">
        <query>| stats values(Capital) as Capital |mvexpand Capital | eval Capital_string=Capital</query>
      </search>
      <change>
        <condition>
          <unset token="field3"></unset>
        </condition>
      </change>
    </input>
    <input type="multiselect" token="field3" searchWhenChanged="true">
      <label>field3</label>
      <search base="base_csv">
        <query>| search Capital="$field1$"
| table state_code
| eval state_code_name=state_code</query>
      </search>
      <valuePrefix>"</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <delimiter>,</delimiter>
      <fieldForLabel>state_code_name</fieldForLabel>
      <fieldForValue>state_code</fieldForValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search base="base_csv">
          <query>| search state_code IN ($field3$)</query>
        </search>
      </table>
    </panel>
  </row>
</form>

 

Check the field3 token.

0 Karma

mah
Builder

Hi @to4kawa 

OK, I understand the tips, but your solution faces the same problem: I want to append all the lines I selected with the inputs. Your solution, like mine, shows only one line at a time.

And for the first issue: how can I add the submit button in the panel based on your code?

Thanks a lot !

0 Karma
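
Added example, not part of any reply in this thread: one way to write one CSV row per selected Application/Environment pair and keep the rows already in the lookup, instead of replacing the file with a single line. It assumes both multiselect inputs are changed to use a comma as their delimiter, and it inserts every token through the |s filter so that free-text Start/End values reach the search as quoted strings rather than as raw SPL.

```xml
<search>
  <!-- Added example, not from the thread. Assumes both multiselect inputs
       use <delimiter>,</delimiter> so each token holds a comma-separated list. -->
  <!-- $tok|s$ inserts the token as a quoted, escaped string literal, so text
       typed into Start/End cannot close the quote and add SPL of its own. -->
  <query>| makeresults
| fields - _time
| eval Application=$application_tok|s$, Environment=$environment_tok|s$, Start=$start|s$, End=$end|s$
| makemv delim="," Application
| makemv delim="," Environment
| mvexpand Application
| mvexpand Environment
| where isnotnull(strptime(Start, "%Y-%m-%d %H:%M")) AND isnotnull(strptime(End, "%Y-%m-%d %H:%M"))
| table Application Environment Start End
| outputlookup append=true create_maintenance.csv</query>
  <!-- makemv + mvexpand: one row per Application/Environment pair.
       where: drops rows whose Start or End does not match the expected format.
       append=true: adds the rows to the existing CSV instead of replacing it. -->
  <earliest>0</earliest>
  <latest></latest>
</search>
```

Each run of this search appends again, so running it twice with the same inputs adds duplicate rows to create_maintenance.csv.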