Splunk dashboard

Srini_551
Loves-to-Learn Everything

Hi All,

Please help me to solve the below queries in a Splunk classic dashboard.

Query 1: For example, we have created a table for each alert in Splunk with all the alert details as individual columns like alertid, alertname, alerttime, alertsummary, alertdescription etc. in a Splunk classic dashboard. So now, how do we add an extra column as a comment in the above Splunk table, manually enter the values in the column in each row, and save it in a lookup file?

Query 2: Is it possible to add an editable column in a Splunk table and save the response in a lookup table? If yes, help me to implement the same in the dashboard.

0 Karma

gcusello
SplunkTrust

Hi @Srini_551 ,

as @marnall said, Splunk isn't a tool for updating data because it doesn't use a database table, but you could use one of these workarounds to solve your needs:

1) Schedule a search that updates your lookup with the new alerts and access the lookup using the Splunk Lookup Editor App.

2) Create a dashboard in which you have two panels: one with all the alerts, so you can choose the alert to modify; then in the second panel, you display the selected row and, using a text input, you can update the row; at the end you can save the row in the lookup.

This solution runs only if you are using a kvstore that records a key for each row.

The first solution is easier to implement, but you must use the Splunk Lookup Editor App as interface.

Ciao.

Giuseppe

0 Karma

PickleRick
SplunkTrust

If you wanted to update your lookup from the dashboard you'd need to make some (details would depend on your particular use case) search using existing lookup contents and the entered values and end it with the outputlookup command.

0 Karma
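The two-panel approach and the `outputlookup` search described in the replies above, as an added Simple XML example that is not from any of the posters. The source search `index=alerts`, the lookup file `alert_comments.csv` (assumed to already exist with `alertid` and `comment` columns), and the token names `sel_alertid` and `comment_tok` are assumptions; the `|s` token filter keeps free-text comments from being interpreted as SPL.

```xml
<form version="1.1">
  <label>Alert comments</label>
  <!-- Nothing is written until the analyst presses Submit -->
  <fieldset submitButton="true" autoRun="false">
    <input type="dropdown" token="sel_alertid" searchWhenChanged="false">
      <label>Alert</label>
      <fieldForLabel>alertname</fieldForLabel>
      <fieldForValue>alertid</fieldForValue>
      <search>
        <!-- index=alerts is an assumed source; use the search behind your alert table -->
        <query>index=alerts | stats latest(alertname) as alertname by alertid</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="text" token="comment_tok" searchWhenChanged="false">
      <label>Comment</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Alerts with saved comments</title>
      <table>
        <search>
          <query>index=alerts
| table alertid alertname alerttime alertsummary alertdescription
| lookup alert_comments.csv alertid OUTPUT comment</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Lookup after the last save</title>
      <table>
        <!-- Runs once both tokens are submitted. The |s filter quotes each value,
             so comment text cannot break out of the string and add SPL. -->
        <search>
          <query>| inputlookup alert_comments.csv
| where tostring(alertid)!=$sel_alertid|s$
| append [| makeresults | eval alertid=$sel_alertid|s$, comment=$comment_tok|s$]
| table alertid comment
| outputlookup alert_comments.csv</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```

The first table does not refresh by itself after a save, so reload the dashboard to see the new comment there. Saving only works for users whose role has write permission on the lookup.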

marnall
Motivator

I'm not aware of an app that can make an editable column in a table which would save to a lookup table. It sounds like a nice idea.

Best thing I can suggest is to use a lookup in your search and then near the table you can put a link to the lookup table when viewed with the lookup editor app. This way, users can see the comments in the table, then click on the link to open the lookup editor and make new comments. (assuming the permissions allow it.)

0 Karma