Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Throwing errors in splunk dashboards

nibinabr
Communicator
‎12-04-2014 03:38 PM

Is it possible to display an error on a splunk dashboard.
Say I want to display an error if the user selects a time range which is greater than n days. Dashboard should not pull the data if it is in this time range, instead it should just show the error message on the panel.
I'm on splunk 6.0.

Reply

sansay
Contributor
‎04-27-2015 11:04 AM

I just developed the technique to do exactly what you want. It is a bit complicated but it works perfectly.
You will need to use the SideView Utils library, and add a "Run" button which will run the searches in your dashboard.
Set the parameters of this button like this:

        <module name="Button" layoutPanel="viewHeader">
            <param name="allowSoftSubmit">False</param>
            <param name="allowAutoSubmit">False</param>
            <param name="label">Run</param>
            <param name="customBehavior">TimeRangeExceeds7DaysError</param>

In the application.js file which sits in your search head, (I think that's the right path:
[home]/etc/apps/search/appserver/static/application.js)
add the following function:

if (typeof(Sideview)!="undefined")
{
Sideview.utils.declareCustomBehavior("TimeRangeExceeds7DaysError", function(buttonModule)
    {
        methodReference = buttonModule.onContextChange.bind(buttonModule);
        buttonModule.onContextChange = function()
        {
            var context = this.getContext();
            var search = context.get("search");
            var range = search.getTimeRange();
            var earliestTime = range.getEarliestTimeTerms();
            var n = 0;
            if( range.isRelative() )
            {
                n = parseInt(earliestTime.toString().substr(1), 10);
            }

            var rexw = /-\d+w/i;
            var rexd = /-\d+d/i;
            var rexh = /-\d+h/i;
            var rexm = /-\d+m/i
            var rexs = /-\d+s/i;

            if(
                range.getDuration() > 604800000 ||
                earliestTime.toString().indexOf("mon") > -1 ||
                earliestTime.toString().indexOf("y") > -1 ||
                (rexw.test(earliestTime) && n > 1 ) ||
                (rexd.test(earliestTime) && n > 7) ||
                (rexh.test(earliestTime) && n > 168) ||
                (rexm.test(earliestTime) && n > 10080) ||
                (rexs.test(earliestTime) && n > 604800)
               )
                {
                    alert('This dashboard can only run for a maximum time range of 7 days.\r\nThe Run button will remain hidden until you set a valid time range');
                    this.hide("run_button");
                }
                else
                {
                   this.show("run_button");
                }
            }
        return methodReference();
    });
}

In this particular case, whenever the time range selected exceeds 7 days, a message pops-up with the text informing the user of the dashboard limitation, and what needs to be done, to enable the "Run" button.
Note that the recognition handles both absolute and relative time range selections. This allows users to pick specific time ranges in the past so long as they do not exceed 7 days. And, it will even trigger if time range is set in hours, minutes or seconds but the total amount of time is greater than 7 days.

0 Karma
Reply

Lucas_K
Motivator
‎12-04-2014 06:35 PM

I'm not sure of a way to limit timeframes like that outside of removing options from perhaps an app specific times.conf maybe.

The other way I would do it would be hard code a drop down with static time selections options. Then pass those through to the search as earliest & latest parameters.

0 Karma
Reply

nibinabr
Communicator
‎12-04-2014 09:29 PM

I'm actually more curious to know if there is a way to display the error message.

Editing time.conf and a dropdown is not a solution in my use case.

0 Karma
Reply

Lucas_K
Motivator
‎12-04-2014 09:37 PM

Sounds like the wrong way to go about the issue (i'd rather just stop the users in the first place!) but ...

Make an eval statement compare now() to earliest. Have another that gets set to your error message if it exceed's a certain number of seconds (604,800 - 7 days). Do the normal search. At the very end output either normal results OR the error message eval-ed earlier.

0 Karma
Reply

nibinabr
Communicator
‎12-05-2014 06:32 AM

So that is my question. What is the best way to throw an error message ? Following pipe commands shouldn't be executed once the error message is thrown.

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...