Dashboards & Visualizations

Selecting Multiple Fields Simultaneously??

gmark
Explorer

Is there a way to select multiple items simultaneously (either with a swipe or by, say, checking multiple boxes) on a page using XML?

0 Karma

jeffland
SplunkTrust
SplunkTrust

To answer your comment, this is fully possibly in the editor (with little of the settings applied directly in the Simple XML). Have a look at the dashboard examples app to see a multiselect in action (Form input elemets - multiple selection). The search that powers the dynamic options of the multiselect works with tokens just like any other search, so you could have all your text input tokens apply to it just like you apply them to the search that powers the dashboard panel.
For the submit button, add submitButton="true" to the fieldset containing your inputs.

0 Karma

gmark
Explorer

Wow -- excellent. I'm on this right away and will hopefully not be too annoying with more questions! Thanks!!

0 Karma

jeffland
SplunkTrust
SplunkTrust

Don't worry about asking questions, they're always welcome 🙂
But please post your comments as comments, not answers - I've moved your answer to a comment for now.

0 Karma

gmark
Explorer

That sounds pretty much exactly what I want, however, being a newbie to this, I have no idea how to do that. Would this need to be implemented by using another language, or is it possible to do with the editor or directly editing XML?

0 Karma

gmark
Explorer

I've got to look into this so I can ask better questions. But right now I would like to know if there is a way to interface a scripting language, such as Bash or Python, to Splunk, perhaps via an SDK. What I'm after is a way to use what I know about those languages to add features (like fancier multi-selects and such) to Splunk dashboards. I'd guess the best way is to get an overview of the Splunk API that I'd be using -- maybe an SDK for that language.

So my question is, where would you recommend I start with this goal in mind?

0 Karma

jeffland
SplunkTrust
SplunkTrust

Maybe here?

0 Karma

gmark
Explorer

Perhaps there's a better way of displaying this. Perhaps there's some way to replace this with, or branch from this with, BASH or Python code to dynamically generate the second part of this multiple times, with the user's choice for each of the items pre-set based on items in the first list having their check-boxes set on the first page?

0 Karma

jeffland
SplunkTrust
SplunkTrust

Unfortunately, I can't entirely follow your code. But judging from your textual description of what you want to do, you could simply use a multiselect with a submit button (so it doesn't submit on change) for that. The selection of available entries for the multiselect can be filtered just like you do with your search above.

0 Karma

gmark
Explorer

Here is the code that generates the list of records that may be selected:

Fallouts

<table>
  <search>
    <query>index="filler-matteshadesuccess" DAMAGE="RECOMMENDED PLANT" earliest=-2h latest=now| join type=left PLANT_ID TREE_HEDGE_ID WARN COLOR PPR [search index=response | stats latest(OKAY) AS OKAY by PLANT_ID TREE_HEDGE_ID WARN COLOR PPR ]  | table  _areaperiod TREE_HEDGE_ID TREE_HEDGE_NAME PLANT_ID WARN COLOR TREE_NAME TREE_VALUE PPR PROBLEM FALLOUT-ONE OKAY | search NOT OKAY=Accepted | search NOT OKAY=Demoted | fields - OKAY</query>
    <earliest>0</earliest>
    <latest></latest>
  </search>
  <option name="linkView">search</option>
  <option name="wrap">true</option>
  <option name="rowNumbers">false</option>
  <option name="dataOverlayMode">none</option>
  <option name="count">20</option>
  <drilldown>
    <link>
      <![streaming[/app/filler-matte/drilldown?form.PLANT_ID=$row.PLANT_ID$&form.TREE_HEDGE_ID=$row.TREE_HEDGE_ID$&form.WARN=$row.WARN$&form.COLOR=$row.COLOR$&form.PPR=$row.PPR$]]>
    </link>
  </drilldown>
  <option name="drilldown">identifier1</option>
</table>

And here is the code that allows the user to actually respond to that single selection:

<input type="text" token="PLANT_ID"></input>
<input type="text" token="TREE_HEDGE_ID"></input>
<input type="text" token="WARN"></input>
<input type="text" token="COLOR"></input>
<input type="text" token="PPR"></input>
<input type="dropdown" token="response">
  <label>Select An Action:</label>
  <choice value="Accepted">Accepted</choice>
  <choice value="Demoted">Demoted</choice>
</input>


<panel>
  <table>
    <title>Current Issue:</title>
    <search>
      <query>index="filler-matteshadesuccess"| search DAMAGE="RECOMMENDED PLANT" PLANT_ID=$PLANT_ID$ TREE_HEDGE_ID=$TREE_HEDGE_ID$ WARN=$WARN$ COLOR=$COLOR$ PPR=$PPR$ | table  _areaperiod, TREE_HEDGE_ID ,TREE_HEDGE_NAME ,PLANT_ID ,TREE_NAME ,TREE_VALUE ,PROBLEM ,FALLOUT-ONE </query>
      <earliest>0</earliest>
      <latest></latest>
    </search>
    <option name="wrap">true</option>
    <option name="rowNumbers">false</option>
    <option name="drilldown">identifier1</option>
    <option name="dataOverlayMode">none</option>
    <option name="count">10</option>

  </table>
</panel>


<panel>
  <table>
    <search>
      <query>index=filler-matteshadesuccess | search PLANT_ID=$PLANT_ID$ TREE_HEDGE_ID=$TREE_HEDGE_ID$ WARN=$WARN$ COLOR=$COLOR$ PPR=$PPR$ | head 1 | eval OKAY="$response$"  | eval tnow=now()   | convert careaperiod(tnow) as TIMESTAMP | RENAME CONTROL AS CMD   | table TIMESTAMP, CMD, SOURCE_TYPE, VENDOR_NAME, TREE_HEDGE_ID, TREE_HEDGE_NAME, PLANT_ID, WARN, COLOR, PPR, OKAY | collect index=response | fields TIMESTAMP,CMD, SOURCE_TYPE, VENDOR_NAME, TREE_HEDGE_ID, TREE_HEDGE_NAME, PLANT_ID, WARN, COLOR, OKAY  | outputcsv append=true filler-matteshade</query>
      <earliest>0</earliest>
      <latest></latest>
    </search>
    <option name="wrap">true</option>
    <option name="rowNumbers">false</option>
    <option name="drilldown">identifier1</option>
    <option name="dataOverlayMode">none</option>
    <option name="count">10</option>
    <drilldown>
    <link target="_blank">
      <![streaming[/app/filler-matte/sample?form.tree_hedge_id=$row.TREE_HEDGE_ID$&form.identifier1_id1=$row.PLANT_ID$]]>
    </link>
  </drilldown>
  </table>
</panel>
0 Karma

jeffland
SplunkTrust
SplunkTrust

Please elaborate on what you want to achieve.

0 Karma

gmark
Explorer

We have a dashboard that has multiple entries visible. We generally have to click on an entry and then give a "yes" or "no" for each. This causes the application to forward each of these selections to another program. What we want to do is allow the user to select multiple items -- by checkboxes or swiping or clicking each of these to cause it to change color or whatever. THEN the user would be able to click something else and cause each of the selected entries to be sent at once to the application. Say, for 20 or so displayed lines, 1, 3, 5, 19 might be "checked", and hitting a "submit" button would cause those four entries to be sent to the application just as if the user had individually selected 1, submitted, selected 3, submitted, selected..... etc.. Pretty standard for lots of web pages, and something an SDK and another language might be used for to interface with Splunk. But is there a simpler or more straight-forward way? Or maybe someone could point me to an existing solution? Or show a simple solution? Seems like something a lot of folks would already need and use, right?

0 Karma

sideview
SplunkTrust
SplunkTrust

You mentioned I think that it's an XML dashboard - is it a Simple XML dashboard or a Sideview XML view? Both have a form control you can use to allow multiple selection in a pulldown menu, and I think to allow multiple checkbox selections (Sideview XML certainly has multiple options here I'm just not positive what simpleXML has for checkboxes).

And can you also confirm that your existing dashboard submits its data to an external web app? Even better, can you post your existing dashboard XML somewhere?

0 Karma
Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...