Dashboards & Visualizations
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk dashboard

Srini_551
Loves-to-Learn Everything
‎07-24-2024 09:24 AM

Hi All,

Please help me to solve the below queries in splunk classic dashboard

query1:  For example, we have created a table for each alert in splunk with all the alert details as individual columns like alertid,alertname,alerttime,alertsummary,alertdescription etc. in a Splunk classic dashboard. So now how to add extra column as comment in above splunk table and manually enter the values in the column in each row and save it in lookup file.

 

query2: is it possible to add editable column in a splunk table and save the response in lookup table.if yes help me to implement the same in dashboard.

Labels (3)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-24-2024 11:51 PM

Hi @Srini_551 ,

as @marnall said, Splunk isn't a tool for updating data because it doesn't use a database table, but you could use one of these workarounds to solve your needs:

1)

schedule a search that updates your lookup with the new alerts and access the lookup using the Splunk Lookup Editor App.

2)

create a dashboard in wich you have two panels:

one with all the alerts, so you can choose the alert to modify, then in the second panel, you display the selected row and, using a text input, you can update the row, at the end you can sabe the raw in the lookup.

this solution runs only if you are using a kvstore that record a key for each row.

First solution is easier to implement, but you must use the Splunk Lookup Editor App as interface.

Ciao.

Giuseppe

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎07-24-2024 11:28 PM

If you wanted to update your lookup from the dashboard you'd need to make some (details would depend on your particular use case) search using existing lookup contents and the entered values and end it with the outputlookup command.

0 Karma
Reply

marnall
Motivator
‎07-24-2024 02:22 PM

I'm not aware of an app that can make an editable column in a table which would save to a lookup table. It sounds like a nice idea.

Best thing I can suggest is to use a lookup in your search and then near the table you can put a link to the lookup table when viewed with the lookup editor app. This way, users can see the comments in the table, then click on the link to open the lookup editor and make new comments. (assuming the permissions allow it.)

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top