Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to customize "Open in Search" query in dashboard panels bottom right?

amdosh
Explorer
‎06-13-2022 06:13 AM

The query that is generated by splunk is quite convoluted and I would like to provide my own query for this "Open In Search" on 1 of the panels in my dashboard. Is it possible to do so?

 

edit: Corrected to "Open in Search"

Labels (1)
Labels
Tags (2)
0 Karma
Reply

amdosh
Explorer
‎06-13-2022 07:42 AM

I was using a baseSearch in this case and realized it's going to be much better to not use it and fire a new search (as the baseSearch had a transaction in it).  I will keep these solutions in mind if similar issues going forward. Thanks for your responses. 

0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎06-13-2022 07:24 AM

@amdosh 

You can remove the existing "open in Seach menu" from Panel and add new one with your requirement using JS.

Can you please try below Example?

XML

<dashboard script="myJs.js">
  <label>Sample Dashboard</label>
  <row>
    <panel id="panel1">
      <table>
        <search id="search_1">
          <query>| makeresults count=5 | eval a=1| accum a </query>
        </search>
      </table>
      <html>
        <div id="controlpanel"></div>
      </html>
    </panel>
  </row>
</dashboard>

 

myJs.js

 

require([
    'underscore',
    'jquery',
    "splunkjs/mvc/resultslinkview",
    'splunkjs/mvc',
    'splunkjs/mvc/simplexml/ready!'
], function (_, $, ResultsLinkView, mvc) {


    $(document).ready(function () {

        $('#panel1 .menus').html("")
        
        var resultsLink = new ResultsLinkView({
            id: "resultsLink",
            managerid: "search_1",
            "link.openSearch.search": "index=test with custom SLP",
            "link.openSearch.searchEarliestTime": '0',
            "link.openSearch.searchLatestTime": 'now',
            el: $("#controlpanel")
        });

        resultsLink.render().$el.appendTo($("controlpanel"));


    });
});

 

Refer this document for more options.

https://docs.splunk.com/DocumentationStatic/WebFramework/1.5/compref_resultslinkview.html

 

Thanks
KV


If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-13-2022 07:04 AM

You can use a drilldown to open a search with a different search string, so rather than using the bottom right, the user clicks on the dashboard panel

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...