Solved: Re: Splunkjs - access field names from search data...

peamc · ‎11-24-2014

Hoping I'll be able to find an answer to this; any help is much appreciated.

I'm running a search and then populating a custom chart made with Google Charts.

I have no problems getting the results back from a search (as below), but is there a way of returning the field names from the search ? The reason for this is so I can apply these as axis titles (rather than manually set them). Hopefully this makes sense.

var mySearch = splunkjs.mvc.Components.getInstance("search3");
var datasource = mySearch.data('results', {count:0});
console.log("Rows: ", datasource.data().rows);

tom_frotscher · ‎11-24-2014

Hi,

if you console.log(datasource.data()), you will see an array that contains the fields. So you can use this to also print out the fields:

var mySearch = splunkjs.mvc.Components.getInstance("search3");
var datasource = mySearch.data('results', {count:0});
console.log("Rows: ", datasource.data().rows); 
console.log("Fields: ", datasource.data().fields);

Greetings

Tom

View solution in original post

tom_frotscher · ‎11-24-2014

Hi,

if you console.log(datasource.data()), you will see an array that contains the fields. So you can use this to also print out the fields:

var mySearch = splunkjs.mvc.Components.getInstance("search3");
var datasource = mySearch.data('results', {count:0});
console.log("Rows: ", datasource.data().rows); 
console.log("Fields: ", datasource.data().fields);

Greetings

Tom

japposadas · ‎01-22-2018

i tried using this to retrieve field header names so that i can put it on the a dropdown list. but i always keep on getting Uncaught TypeError: Cannot read property 'rows' of undefined, which ID should I use? the ID for the search bar or the ID of the search manager? or am I lacking on js libraries?

here's my script

require([
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/searchbarview",
"splunkjs/mvc/searchcontrolsview",
"splunkjs/mvc/timelineview",
"splunkjs/mvc/tableview",
"splunkjs/mvc/simplexml/ready!"
], function(
SearchManager,
SearchbarView,
SearchControlsView,
TimelineView,
TableView
) {

// Create the search manager
var mysearch = new SearchManager({
    id: "search1",
    app: "search",
    preview: true,
    cache: true,
    status_buckets: 300,
    required_field_list: "*",
    search: "index=_internal | head 100"
});

// Create the views
var mytimeline = new TimelineView ({
    id: "timeline1",
    managerid: "search1",
    el: $("#mytimeline1")
}).render();

var mysearchbar = new SearchbarView ({
    id: "searchbar1",
    managerid: "search1",
    el: $("#mysearchbar1")
}).render();

var mysearchcontrols = new SearchControlsView ({
    id: "searchcontrols1",
    managerid: "search1",
    el: $("#mysearchcontrols1")
}).render();

var mytable = new TableView ({
    id: "table1",
    managerid: "search1",
    el: $("#mytable1")
}).render();

// When the timeline changes, update the search manager
mytimeline.on("change", function() {
    mysearch.settings.set(mytimeline.val());
});

// When the query in the searchbar changes, update the search manager
mysearchbar.on("change", function() {
    mysearch.settings.unset("search");
    mysearch.settings.set("search", mysearchbar.val());
});

// When the timerange in the searchbar changes, update the search manager
mysearchbar.timerange.on("change", function() {
    mysearch.settings.set(mysearchbar.timerange.val());
});

 var searchRes = splunkjs.mvc.Components.getInstance("search1");
 var datasource = searchRes.data('results', {count:});
 console.log("Rows: ", datasource.data().rows); 
 console.log("Fields: ", datasource.data().fields);

});

peamc · ‎11-24-2014

Thanks, Tom.

That worked perfectly !

Splunkjs - access field names from search data object.

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?