I have a dashboard that takes an email address in a Text input. Is there a way to supply an email address for the input and render the Dashboard using the REST API?
The dashboard is used by a group of internal investigators to gather artifacts for their investigations. Their process right now (obviously) is to log into Splunk, navigate to the dashboard, input an email address, hit the Submit button and export the resulting PDF. This is a small part of a much broader workflow. We'd like to automate this Splunk portion to help streamline their investigation process. So I'm trying to perform the same dashboard operations a person would, but using REST APIs instead.
The PDF export is important because it compiles information from multiple searches into a single artifact, as opposed to creating multiple searches and outputs with the search API.
@scottprigge You can use the API to get the data. You can do this in your dashboard, and it is also possible to get the data from the command line. On the command line, using curl (for example), you could have the investigator update the email address in the query (or series of queries) and hit enter.
However, rendering to a pdf is a problem on the command line. Splunk API export options are atom | csv | json | json_cols | json_rows | raw | xml.
Here's the doc about the export options: https://docs.splunk.com/Documentation/Splunk/Latest/Search/ExportdatausingRESTAPI
If the pdf is a requirement, you would need another step then, to take the output results from the API and convert that into a PDF that is formatted to your needs. Otherwise the pdf output is only possible from the GUI.
Ironically, it seems the PDF download is actually something that we've been able to do. The bigger for our process seems to be how to pass the token value to the dashboard through the REST API, as though a user was entering the input.
@scottprigge There's some piece I'm missing. How is the PDF being generated? Is that process independent from Splunk? Or is the GUI being used, or some other way to generate the pdf? What is it about the API you think will solve your issue? Is it the ability to invoke from the command line, or something else? Or are you looking for a way to invoke the GUI dashboard from an external tool, which could generate hyperlinks with a unique email address per link, which when clicked, would open a web browser to the Dashboard with the email token pre-filled in? From the dashboard they are using the dashboard GUI to generate the pdf.
If so, then in your dashboard, your form's fieldname - (url maybe?), might be passed to the URL like so: http://splunk.example.com?form.url="name@example.com"
I think this is exactly what I am looking to do, sorry for my difficulty articulating. Is your parameter-passing example something you came up with? Or is there documentation for that? I haven't found the documentation yet.
@scottprigge There are no docs I know of, or could find with a quick search. However, to get you to a common frame of reference, if you have the Splunk Dashboard Examples App, then look at the Text Form Input Element example, and note the code and the way the URL behaves.
The xml in the dashboard starts:
<form>
  <label>Text Form Input Element</label>
  <description>Set search terms by populating a form with textbox input.</description>
  <fieldset autoRun="true" submitButton="false">
    <input type="text" token="limit" searchWhenChanged="true">
      <label>Enter an integer N:</label>
      <default>5</default>
    </input>
  </fieldset>
The token limit is reflected in the URL of your browser as:
https://my.splunk/en-US/app/simple_xml_examples/simple_form_text?form.limit=5
If you change the 5 in the URL (your browser's address bar), to a 10, and hit enter, it will load the dashboard as if 10 was entered into the form already.
The only wrinkle with this is the login timeout. The user has to be authenticated first, and then can keep using the URL until their login times out.
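An added example, not part of the original thread: one way an external tool could build the `form.<token>=<value>` links described above, validating the address and percent-encoding it so the value cannot spill into a second parameter. The `email` token name, the validation patterns and the function names are assumptions for illustration; the host and dashboard path follow the example URL in the answer.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs, quote

# Conservative address check for an automation input; not a full RFC 5322 parser.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
# Token names as written in <input token="...">; restricted here by assumption.
_TOKEN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_dashboard_url(base, app, dashboard, tokens):
    """Return <base>/en-US/app/<app>/<dashboard>?form.<token>=<value>..."""
    params = []
    for name, value in tokens.items():
        if not _TOKEN_RE.fullmatch(name):
            raise ValueError(f"bad token name: {name!r}")
        params.append((f"form.{name}", str(value)))
    path = "/".join(quote(p, safe="") for p in ("en-US", "app", app, dashboard))
    # urlencode percent-encodes '&', '=', '@' and '+'; a raw '+' in a query
    # string would otherwise be read back as a space.
    return f"{base.rstrip('/')}/{path}?{urlencode(params)}"


def email_dashboard_url(base, app, dashboard, token, email):
    """Validate the address before it is placed in the URL."""
    if not _EMAIL_RE.fullmatch(email):
        raise ValueError(f"rejected address: {email!r}")
    return build_dashboard_url(base, app, dashboard, {token: email})


def form_tokens(url):
    """Decode the form.* parameters back out of a URL (for checking or logging)."""
    query = parse_qs(urlsplit(url).query)
    return {k[5:]: v[0] for k, v in query.items() if k.startswith("form.")}


if __name__ == "__main__":
    # Constructed values: the "email" token name is hypothetical.
    print(email_dashboard_url("https://my.splunk", "simple_xml_examples",
                              "simple_form_text", "email",
                              "first.last+tag@example.com"))
```

The generated link still depends on the analyst's browser having an authenticated Splunk session, as noted in the answer above.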
Thanks for the reference.
More details please. Scenario: A user comes to your dashboard, enters their email address, and you want the dashboard to make Splunk API calls for data and render? If so, yes. How does the email address figure into this?
Thank you for your comment. I have added additional detail to my original post.