Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

dashboard

Siddharthnegi
Contributor
‎10-06-2024 11:45 PM

Hi I have a Dashboard and i want to add a button , so when somebody solves that particular issue he/she can click on that button and it will change status to solved and it will be removed from dashboard.

for eg: I have a issue on a device and i solved that issue so then i can click on that button and it will make that issue status solved or will be removed from the dashboard.

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-07-2024 12:19 AM

Hi @Siddharthnegi ,

you can do this only displaying in your dashboard the records from a KV-Store lookup because Splunk isn't a database where you can delete records.

But a kv-store lookup is a database table in which you can store e.g. your open cases.

Then you have add an html button in your dashboard (Classic dashboard) and you have to create a java script that executes a search that deletes a record from the lookup and then displays again the updated lookup.

In other words, in the dashboard you ha to add:

<row>
    <panel>
      <html>
        <button class="btn btn-primary button1">Save</button>
        <a class="btn btn-primary" href="all_cases">Cancel</a>
      </html>
    </panel>
  </row>
  <row>

then you have to create a js like the following (obviously must to be adapted to your lookup to be inserted in $SPLUNK_HOME/etc/apps/<my_app>/appserver/static

require([
	"splunkjs/mvc",
	"splunkjs/mvc/searchmanager",
	"splunkjs/mvc/savedsearchmanager",
	"splunkjs/mvc/utils",
    "splunkjs/mvc/simplexml/ready!"
	], function(
		mvc,
		SearchManager,
        SavedSearchManager,
	) {
		var query;
		var tokens = mvc.Components.get("default");
		tokens.unset("status_to_update", null);
		tokens.unset("notes_to_update", null);
		tokens.unset("username_to_update", null);
	$(".button1").on("click", function (){
		//var tokens = mvc.Components.get("default");
		var username=Splunk.util.getConfigValue("USERNAME");      
		var mod_status = tokens.get("status_to_update");
		var mod_notes = tokens.get("notes_to_update");
		var mod_username = tokens.get("username_to_update");
		var username_updated = tokens.get("username_updated");
		var key = tokens.get("key");
		//alert(username_updated);
		//tokens.unset("status_to_update");		
		//tokens.unset("notes_to_update");
		//tokens.unset("username_to_update");
		if(mod_username==null) { } else { username=mod_username;}
		if (mod_status==null) {
			query = "| inputlookup open_cases | eval Notes=if(_key=\"" + key + "\",\"" + mod_notes + "\",Notes), Status=\"Work-in-progress\", User_Name=if(_key=\"" + key + "\",\"" + username + "\",User_Name) | search _key=\"" + key + "\" | outputlookup open_cases append=true | eval key=_key | collect addtime=true index=summary_alerts | eval Time=strftime(TimeStamp,\"%d/%m/%Y %H:%M:%S\"), key=_key | table key Time TimeStamp Alert_Name Description Status Notes User_Name";
			//alert (query);
		} else {
			query = "| inputlookup open_cases | eval Status=if(_key=\"" + key + "\",\"" + mod_status + "\",Status), Notes=if(_key=\"" + key + "\",\"" + mod_notes + "\",Notes), User_Name=if(_key=\"" + key + "\",\"" + username + "\",User_Name) | search _key=\"" + key + "\" | outputlookup open_cases append=true | eval key=_key | collect addtime=true index=summary_alerts | eval Time=strftime(TimeStamp,\"%d/%m/%Y %H:%M:%S\"), key=_key | table key Time TimeStamp Alert_Name Description Status Notes User_Name";
			//alert (query);
		}
		var ok = confirm("Are you sure?");
		if (ok){
			launchquery(query);
        } //else {
        //    alert('user did not click ok!');
        //}
    });
	function launchquery(query) {
		var mysearch = new SearchManager({
			id: "mysearch",
            autostart: "false",
            //search: "| inputlookup open_cases | eval Status=if(_key=\"$key$\",\"$status_updated$\",Status), Notes=if(_key=\"$key$\",\"$notes_updated$\",Notes), User_Name=if(_key=\"$key$\",\"$username_updated$\",User_Name) | search _key=\"$key$\" | outputlookup open_cases append=true | eval key=_key | collect addtime=true index=summary_alerts | eval Time=strftime(TimeStamp,\"%d/%m/%Y %H:%M:%S\"), key=_key | table key Time TimeStamp Alert_Name Description Status Notes User_Name"
			search: query
        });  
		mysearch.on('search:failed', function(properties) {
            // Print the entire properties object
            console.log("FAILED:", properties);
        });
        mysearch.on('search:progress', function(properties) {
            // Print just the event count from the search job
            console.log("IN PROGRESS.\nEvents so far:", properties.content.eventCount);
        });
        mysearch.on('search:done', function(properties) {
            // Print the search job properties
            console.log("DONE!\nSearch job properties:", properties.content);
        });
		window.location.reload();
	}
});

I cannot help you more because I'm not an expert in JS developing.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...