Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to fill text box and write to external file through dashboard form input

lies2yk
Observer
‎09-16-2014 03:19 AM

Hi all,
i need to give possibility to users to fill two text box and then write the value in one external lookup file put in the lookup directory
The form dashboard is quite simply: [TEXT-BOX1] [TEXT-BOX2] SubmitButton

I read this post:
http://answers.splunk.com/answers/64502/i-want-to-modify-lookup-file-directly-through-the-dashboard....
but i'm not familiar with python so that is what i do:

1) I create a simple script called input.py and put in bin/ directory:

input1 = input(test1)
input2 = input(test2)
#file = open("/opt/splunk/etc/apps/<myApp>/lookups/testinput.csv", "w")
file.write(input1 + "," + input2 + "\n") #still the \n for separating lines in the file
file.write("\n".join((input1,input2,)))
file.close()

2) I create a commands.conf and put in local/ directory

 [input]
 filename = /opt/splunk/etc/apps/<myApp>/bin/input.py

Now the questions are:
1) Is correct the script as i wrote? (if not, please can indicate me how i write the correct code)
2) How i can recall the stanza in my dashboard form?
The code of the dashboard is:

<form>
  <label>Input Form</label>
  <fieldset submitButton="true" autoRun="false">
    <input type="text" token="input1">
      <label>INPUT 1</label>
    </input>
    <input type="text" token="input2">
      <label>INPUT2</label>
    </input>
  </fieldset>
</form>

Thank you for your support

0 Karma
Reply

aagro
Path Finder
‎01-15-2016 03:00 AM

Under the statment xml fieldset declaration, you have to insert the search via your phyton script :

<form>
   <label>Input Form</label>
   <fieldset submitButton="true" autoRun="false">
     <input type="text" token="input1">
       <label>INPUT 1</label>
     </input>
   <input type="text" token="input2">
       <label>INPUT2</label>
   </input>
  </fieldset>
\</form>
#####   HERE INSERT THE SEARCH VIA PYTHON SCRIPT
<search>
    <query>|  input  "$input1$" "$input2$"</query>  
    <earliest></earliest>
    <latest></latest>
</search>

Regards,
Antonio

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎09-16-2014 03:41 AM

Have you considered using a combination of the inputlookup and outputlookup search commands?

Here's a detailed example: http://blogs.splunk.com/2011/01/11/maintaining-state-of-the-union/

Additionally, if you're just looking for a way to edit lookups through the UI, take a look at Luke's Lookup File Editor app at http://apps.splunk.com/app/1724/

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...