- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Splunk Add-on - multi select values in an alert ac...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Add-on - multi select values in an alert action
Hi,
I'm working on an add-on for Splunk. I added an alert action, and I'm adding some fields to it.
How can I add a dynamic multi-select field? The use case - I query Splunk, display the values, and allow the user to select some or all of them. The closest thing I've found is Splunk's splunk-search-dropdown, but it is only for single select.
Thanks,
Shachar
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
would it be of any issue, if you concatenate the multiple values selected by user to something like "value1, value2,value3" and send it your alert actions, where you can act based on value1, 2 3?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@lakshman239 If you mean that the user would be able to select multiple values, and I'll get them as "value1, value2,value3" in the backend, yes, that would work for me.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
when user selects multiple values, save them to a field in an index (which has concatenated values) and give this in your alert action [ one of the field].
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
But I need to dynamically create those fields from a search results. Is this possible?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, thats possible. As you know what fields are possible (by dynamic selection), you can save them to a field and inside the modalert*.py, you can parse them and extract them to your needs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@lakshman239 but how can the user choose the fields? (he needs to choose some or all of them)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As part of your add-on, I assume you are building a config page and alert UI (where you run a search and show fields in multi-select). The users select them and you save them to another field or index, which is passed as alert actions (pls check alert_actions.conf) and inside your modalert*.py you can then process them. Hope I am thinking along your requirements. If you are using Add-on builder, it will be easy.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
