Dashboards & Visualizations

Submit Button that populates lookup files & refreshes dashboard

Barty
Explorer

Good afternoon all,

I likely am asking for the world here, but I'm a complete novice with JS and as such I'm falling apart with a challenge I've been presented with. Our Access Management team require a means to streamline their review process and seeing as the current format is to send out CSV reports to individual line managers, of their team's accesses for them to review and respond via email (all manually btw), I suggested that we may be able to utilise Splunk as some form of approval means.

As such, we have two source files - one is the SailPoint access data and the other is a lookup file that permits us to store an approval decision, date & time and any supporting notes. It's not pretty, I know, and for that I'm sorry - but it works (ish) and the team are very happy. As you can see from the XML - it presents the table data to the line manager and then they have dropdown options to approve or decline, then a notes section that's free text and then finally I am invoking those two tokens via a radio-button submit.

It works (in as much as it updates the lookup file with the resulting tokens), but then the dashlets that present the data either have to be manually refreshed or I invoke an auto-refresh to display the changes.

The Challenge:
To make this MUCH much cleaner, I would much rather it be that upon the approval selection and notes being selected, the line manager could then simply press a 'Submit' button that would populate the lookup file with the necessary token values and also refresh the dashboard. I have found a Splunk Answers topic as to a refresh button for the dashboard, but I'm unsure how I would have that button also update the lookup file with the token values?? I'd really appreciate some help everyone. I can only apologise for how ropey the following source code may look to you all!

Source form:

 

<form>
  <label>Access Management Recertification</label>
  <description>A.M dashboard for user recertification</description>
  <!-- Run only on Click on Submit -->
  <search base="baseQuery">
    <query>$tokQueryOutputLookup$</query>
  </search>
  <fieldset submitButton="false" autoRun="false"></fieldset>
  <row>
    <panel>
      <table depends="$neverdisplay$">
        <title>get a token</title>
        <search>
          <finalized>
            <set token="loggedinuser">$result.title$</set>
          </finalized>
          <query>| rest /services/authentication/users splunk_server=local 
| search 
    [| rest /services/authentication/current-context splunk_server=local 
    | rename username as title 
    | fields title, realname]</query>
          <earliest>-60m</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
    <panel>
      <table depends="$neverdisplay$">
        <title>get a token</title>
        <search>
          <finalized>
            <set token="loggedinusername">$result.realname$</set>
          </finalized>
          <query>| rest /services/authentication/users splunk_server=local 
| search 
    [| rest /services/authentication/current-context splunk_server=local 
    | fields realname]</query>
          <earliest>-60m</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
    <panel>
      <title>Current Active Reviewer:</title>
      <html>
              <div class="custom-result-value">
<h1 style="font-size:200%;font-family:Arial">
            <b>Name: </b>$loggedinusername$</h1>
        </div>
              <div class="custom-result-value">
<h1 style="font-size:200%;font-family:Arial">
            <b>User ID: </b>$loggedinuser$</h1>
        </div>
          </html>
      <html>
          <title>Deadline</title>
              <div class="custom-result-value">
                <h1 style="font-size:200%;color:red;font-family:Arial">
                  <b>Deadline Date:</b>
          </h1>
          <p style="font-size:150%;">$lvfs_deadline$</p>
                  
                  <h1 style="font-size:200%;color:green;font-family:Arial">
                  <b>Time Remaining: </b>
          </h1>
          <p style="font-size:150%;">$current_time$</p>
                 </div>
          </html>
      <html>
        <ul>
          <li>If the above name and username is <b>not</b> you, please contact the Performance Monitoring team via <b>
              <a href="mailto:performancemonitoring@lv.com">email</a>
            </b>.</li>
        </ul>
      </html>
    </panel>
    <panel>
      <table depends="$neverdisplay$">
        <title>Get Deadline</title>
        <search>
          <finalized>
            <set token="lvfs_deadline">$result.Deadline$</set>
          </finalized>
          <query>index=layer7 earliest=now
| eval d2="2020-08-20 16:00" 
| dedup d2
| stats values(d2) as Deadline</query>
          <earliest>-1s</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
    <panel>
      <table depends="$neverdisplay$">
        <title>Get current Date</title>
        <search>
          <finalized>
            <set token="current_time">$result.diff1$</set>
          </finalized>
          <query>index=layer7 earliest=now 
| eval Today=strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")
| eval d2="2020-08-20 16:00:00.000" 
| eval d1="2020-08-19 15:00:00.000" 
| dedup d1 
| eval it = strptime(Today, "%Y-%m-%d %H:%M:%S.%3N") 
| eval ot = strptime(d1, "%Y-%m-%d %H:%M:%S.%3N") 
| eval diff = tostring((ot - it), "duration") 
| eval diff1 = strftime((ot - it), "%d Days %H Hours %M Minutes") 
| table diff1</query>
          <earliest>-60m</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Employee Overview</title>
      <html>
         <style>
           .dashboard-panel h2{
             background:#426a75 !important;
             color:white !important;
             text-align: center !important;
             font-weight: bold !important;
             border-top-right-radius: 15px;
             border-top-left-radius: 15px;
           }
         </style>
       </html>
    </panel>
  </row>
  <row>
    <panel>
      <single>
        <title>Number of employees</title>
        <search>
          <query>| inputlookup sailpoint_access_approvals.csv 
| search Manager="McDonald, Kelly" 
| stats count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </single>
      <single>
        <title>Number Approved</title>
        <search>
          <query>| inputlookup sailpoint_access_approvals.csv 
| search Manager="$loggedinuser$" 
| appendcols 
    [| inputlookup sailpoint_access_approvals_final.csv
    | search Manager="McDonald, Kelly"  
    | rename Decision as decision_new
    | sort -approval_time
    | dedup "LV User ID"]
| eval Decision=if(isnull(decision_new),"No Decision",decision_new) 
| search Decision="Approved" 
| stats count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <refresh>10s</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="drilldown">none</option>
        <option name="rangeColors">["0xdc4e41","0x53a051"]</option>
        <option name="rangeValues">[0]</option>
        <option name="refresh.display">progressbar</option>
        <option name="useColors">1</option>
      </single>
      <single>
        <title>Number Declined</title>
        <search>
          <query>| inputlookup sailpoint_access_approvals.csv 
| search Manager="McDonald, Kelly" 
| appendcols 
    [| inputlookup sailpoint_access_approvals_final.csv
    | search Manager="McDonald, Kelly"  
    | rename Decision as decision_new
    | sort -approval_time
    | dedup "LV User ID"]
| eval Decision=if(isnull(decision_new),"No Decision",decision_new) 
| search Decision="Declined"
| stats count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <refresh>10s</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="drilldown">none</option>
        <option name="rangeColors">["0x53a051","0xdc4e41"]</option>
        <option name="rangeValues">[0]</option>
        <option name="refresh.display">progressbar</option>
        <option name="useColors">1</option>
      </single>
      <single>
        <title>Pending Approval</title>
        <search>
          <query>| inputlookup sailpoint_access_approvals.csv 
| search Manager="McDonald, Kelly"  
| appendcols 
    [| inputlookup sailpoint_access_approvals_final.csv
    | search Manager="McDonald, Kelly"  
    | rename Decision as decision_new
    | sort -approval_time
    | dedup "LV User ID"]
| eval Decision=if(isnull(decision_new),"No Decision",decision_new) 
| search Decision="No Decision" 
| stats count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <refresh>10s</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="drilldown">none</option>
        <option name="rangeColors">["0x53a051","0xf8be34"]</option>
        <option name="rangeValues">[0]</option>
        <option name="refresh.display">progressbar</option>
        <option name="useColors">1</option>
      </single>
    </panel>
  </row>
  <row>
    <panel>
      <chart>
        <title>Approval Breakdown</title>
        <search>
          <query>| inputlookup sailpoint_access_approvals.csv 
| search Manager="McDonald, Kelly"  
| appendcols 
    [| inputlookup sailpoint_access_approvals_final.csv
    | search Manager="McDonald, Kelly"  
    | rename Decision as decision_new
    | sort -approval_time
    | dedup "LV User ID"]
| eval Decision=if(isnull(decision_new),"No Decision",decision_new) 
| stats count by Decision</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <refresh>10s</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </chart>
      <html>
        <ul>
          <li>The above represents a breakdown of the current access recertifications for your team.</li>
          <li>Should any of the information above be incorrect, contact the Access Management team via <b>
              <a href="mailto:CIOAccessManagement@lv.com">email</a>
            </b>.</li>
        </ul>
      </html>
    </panel>
    <panel>
      <html>
        <ul>
          <li>
            <b>STEP 1:</b> Select the User ID of the employee you wish to review</li>
          <li>
            <b>STEP 2:</b> The employee access items will be displayed in the below panel, alongside the current decision and notes.</li>
          <li>Should any of the information above be incorrect, please contact <b>
              <a href="mailto:CIOAccessManagement@lv.com">HR</a>
            </b> to have the necessary items amended in HeRo.</li>
        </ul>
      </html>
      <table>
        <search>
          <query>| inputlookup sailpoint_access_approvals.csv 
| search Manager="McDonald, Kelly" 
| eval Decision=if(isnull(Decision),"No Decision",Decision) 
| append 
    [| inputlookup sailpoint_access_approvals_final.csv 
    | search Manager="McDonald, Kelly" 
    | rename Decision as decision_new 
    | sort -approval_time 
    | dedup "LV User ID"] 
| eval Decision=if(isnull(decision_new),"No Decision",decision_new) 
| sort -approval_time, Decision 
| table "LV User ID", "Display Name", "Job Title", "Maternity Break", Decision 
| dedup "LV User ID"
| sort -"LV User ID"</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <refresh>2s</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="count">30</option>
        <option name="drilldown">cell</option>
        <option name="refresh.display">progressbar</option>
        <drilldown>
          <set token="user_id">$click.value2$</set>
        </drilldown>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Selected User Review</title>
      <html>
       </html>
      <html>
        <ul>
          <li>
            <b>STEP 3:</b> Based upon the below information, select your decision from the drop down options.</li>
          <li>
            <b>
              <i>NOTE</i>:</b> You do <b>not</b> require to insert a comment if you are simply approving. If you are <b>declining</b> the existing access(es) then please ensure you include which items you require removed in the notes field.</li>
          <li>
            <b>STEP 4:</b> Once you are satisfied with your decision, select the <b>submit</b> button. You only need press this <b>once</b>, it will <b>not</b> remain selected.</li>
          <li>
            <b>
              <i>NOTE</i>:</b> Repeat the same steps for the next employee, be aware that your previous decision and notes remain until you amend them.</li>
        </ul>
      </html>
    </panel>
  </row>
  <row>
    <panel>
      <input type="dropdown" token="decision_button" searchWhenChanged="true">
        <label>Decision</label>
        <choice value="Approved">Approve</choice>
        <choice value="Declined">Decline</choice>
      </input>
      <input type="text" token="lvfs_note">
        <label>Supporting Notes</label>
        <prefix>"</prefix>
        <suffix>"</suffix>
        <default>*</default>
      </input>
      <input type="checkbox" token="tokPushResultsToCSV">
        <label></label>
        <choice value="submit">Submit Decision</choice>
        <change>
          <condition value="submit">
            <set token="tokQueryOutputLookup">| outputlookup test.csv</set>
            <unset token="form.tokPushResultsToCSV"></unset>
          </condition>
          <condition>
            <unset token="tokQueryOutputLookup"></unset>
          </condition>
        </change>
        <delimiter> </delimiter>
      </input>
      <table>
        <search id="baseQuery">
          <query>| inputlookup sailpoint_access_approvals.csv 
| search "LV User ID"=$user_id$
| appendcols 
    [| inputlookup sailpoint_access_approvals_final.csv
    | search "LV User ID"=$user_id$  
    | rename Decision as decision_new
    | sort -approval_time
    | dedup "LV User ID"]
| eval Decision=if(isnull(decision_new),"No Decision",decision_new)
| table "Display Name", "LV User ID", Manager, "Maternity Break", "Job Title", "User Access(es)", Decision, Notes
| dedup "LV User ID"</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
          <refresh>2s</refresh>
        </search>
        <option name="count">10</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <table depends="$neverdisplay$">
        <title>Employee Access Decision</title>
        <search>
          <progress>
            <condition match="$job.resultCount$=0">
              <unset token="tokShowOutput"></unset>
            </condition>
            <condition>
              <set token="tokShowOutput"></set>
            </condition>
          </progress>
          <query>| inputlookup sailpoint_access_approvals.csv 
| search "LV User ID"="$user_id$" 
| eval token="$tokQueryOutputLookup$" 
| eval Decision="$decision_button$" 
| eval Notes=$lvfs_note$ 
| appendcols 
    [ search index=layer7 earliest=-0s 
    | stats latest(_time) as current_time by index 
    | eval approval_time=strftime(current_time, "%Y-%m-%d %H:%M:%S") 
    | table approval_time] 
| table "Display Name", "LV User ID", Manager, "Maternity Break", "Job Title", "User Access(es)", Decision, Notes, approval_time
| outputlookup append=true sailpoint_access_approvals_final.csv</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="count">10</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

 

0 Karma
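
One way to wire the Submit button asked about above, as an added example that is not part of the original post: the handler builds the `outputlookup` search itself from an allowlisted decision and an escaped free-text note (rather than interpolating the note token straight into SPL), runs it once, and restarts the display search when the write finishes. Assumptions: an HTML button with id `submit_decision` in the dashboard, this file loaded through the form's `script` attribute, the search id `write_decision`, and an alphanumeric user ID format.

```javascript
// Added example, not the poster's code. Assumed names: button id "submit_decision",
// search id "write_decision"; the user-ID pattern and note limit are assumptions too.
const DECISIONS = new Set(['Approved', 'Declined']);
const REFRESH_IDS = ['baseQuery']; // add ids of the other display searches here

// Quote a value as an SPL string literal: drop control chars, escape \ and ".
function splString(value) {
  const clean = String(value).replace(/[\u0000-\u001f\u007f]/g, ' ');
  return '"' + clean.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Build the write search from validated inputs; throws on anything unexpected.
function buildWriteSearch(userId, decision, note) {
  if (!/^[A-Za-z0-9._-]{1,64}$/.test(String(userId))) throw new Error('invalid user id');
  if (!DECISIONS.has(decision)) throw new Error('invalid decision');
  if (String(note).length > 500) throw new Error('note too long');
  return [
    '| inputlookup sailpoint_access_approvals.csv',
    '| search "LV User ID"=' + splString(userId),
    '| eval Decision=' + splString(decision) + ', Notes=' + splString(note),
    '| eval approval_time=strftime(now(), "%Y-%m-%d %H:%M:%S")', // replaces the index=layer7 subsearch
    '| table "Display Name", "LV User ID", Manager, "Maternity Break", "Job Title", "User Access(es)", Decision, Notes, approval_time',
    '| outputlookup append=true sailpoint_access_approvals_final.csv'
  ].join(' ');
}

// Browser-only wiring; Splunk dashboards expose RequireJS as window.require.
if (typeof window !== 'undefined' && typeof window.require === 'function') {
  window.require(['jquery', 'splunkjs/mvc', 'splunkjs/mvc/searchmanager',
    'splunkjs/mvc/simplexml/ready!'], function ($, mvc, SearchManager) {
    const tokens = mvc.Components.get('default');
    const writer = new SearchManager({ id: 'write_decision', autostart: false, preview: false });
    // Re-run the display searches only after the lookup write has finished.
    writer.on('search:done', function () {
      REFRESH_IDS.forEach(function (id) {
        const s = mvc.Components.get(id);
        if (s) s.startSearch();
      });
    });
    $('#submit_decision').on('click', function () {
      try {
        // form.lvfs_note is the raw text, without the input's prefix/suffix quotes.
        writer.settings.set('search', buildWriteSearch(
          tokens.get('user_id'), tokens.get('decision_button'), tokens.get('form.lvfs_note')));
        writer.startSearch();
      } catch (e) { window.alert(e.message); }
    });
  });
}
```

With this in place the hidden "Employee Access Decision" panel and the checkbox input are no longer needed, and the `<refresh>` timers on the display searches can be dropped.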