Dashboards & Visualizations

Simple XML: How to display search results within an HTML List?

dc595
Explorer

I'm looking to see if there's a solution to display a search result (1 event) using Simple XML. Is there a token that needs to be set for each return field? I'm using Splunk 6.3

In the required js stack, I noticed the ListElement, but there's isn't much documentation on this. Ideally I would like to display the results within HTML tags, however, alternatives are certainly welcomed.

I would like to display the results like the sudo code below

<row>
<panel>
<html>

FirstName: $result.fname$
LastName: $result.lname$
Email: $result.email$

</html>
</panel>
</row>

Thanks

0 Karma
1 Solution

frobinson_splun
Splunk Employee
Splunk Employee

Hi @dc595,
You might want to try using search tokens. You can use search tokens to access job metadata or information from the first results row returned.

Here is some documentation about working with search tokens:
http://docs.splunk.com/Documentation/Splunk/6.3.1/Viz/tokens#Define_search_tokens

You can also take a look at the Dashboard Examples app to see examples of using tokens with HTML (in particular, the "Custom Token Definitions" example):
https://splunkbase.splunk.com/app/1603/

Hope this helps! Let me know if you need other suggestions.

@frobinson_splunk

View solution in original post

ArthurGautesen
Path Finder

I'd agree with using search tokens. Here is something really simple but works.

<search>
   <query>|inputlookup In_progress.csv | eval Answer="In Progress" | table Answer</query>
   <earliest>-1s@s</earliest>
   <latest>now</latest>
   <finalized>
      <set token="ThisIsMyToken">$result.Answer$</set>
   </finalized>
</search>

This will put the value "In Progress" into the token $ThisIsMyToken$ which we can use in a panel down below.

The token is generated after the query completes, which is why I used a simple inputlookup to do this, and did not bother to collect anything from the .csv file

<row>
   <panel>
      <html>
         <p style="text-align:center; font-size:400%; color: #000000">
            Current Status  

            <div style="color: #73a550">
            $ThisIsMyToken$
            </div>
         </p>
      </html>
   </panel>
   <panel>
      <!-- more content goes here, if needed -->
   </panel>
   <panel>
      <!-- and even more content goes here, but only if needed -->
   </panel>
</row>

The first panel should only display two lines "Current Status" in black, and "In Progress" in green, but both in a larger font size, and centered in the panel.

You could also put a <table> and </table> in between the <html> and </html> objects if you needed to integrate more values in a table structure.

I hope this helps.

0 Karma

frobinson_splun
Splunk Employee
Splunk Employee

Hi @dc595,
You might want to try using search tokens. You can use search tokens to access job metadata or information from the first results row returned.

Here is some documentation about working with search tokens:
http://docs.splunk.com/Documentation/Splunk/6.3.1/Viz/tokens#Define_search_tokens

You can also take a look at the Dashboard Examples app to see examples of using tokens with HTML (in particular, the "Custom Token Definitions" example):
https://splunkbase.splunk.com/app/1603/

Hope this helps! Let me know if you need other suggestions.

@frobinson_splunk

dc595
Explorer

Yes it does help - I just successfully finished testing a panel with your suggestion. Thank you for your help

frobinson_splun
Splunk Employee
Splunk Employee

Awesome!! Really glad this worked for you.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...