How do I make a Custom dashboard with js?

anissabnk · ‎06-26-2023

Hello everyone,

I need some help with a spl request.

<row>
<panel>
<title>SUIVI DES FLUX - TRANSMISSION WS</title>
<input type="dropdown" token="partenaire" searchWhenChanged="true">
<label>PARTENAIRE</label>
<search>
<query>index=rcd earliest=@mon latest=now |table partenaire |dedup partenaire</query>
<earliest>$earliest$</earliest>
<latest>$latest$</latest>
</search>
<choice value="*">ALL</choice>
<initialValue>*</initialValue>

<default>*</default>
<change>
<condition value="*">
<set token="new_search">index=rcd earliest=@mon latest=now |search $partenaire$ |eval date_appel=strftime(_time,"%b %y") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws, values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO |append [ search index=rcd earliest=-1d@d latest=@d partenaire=$partenaire$ |eval time=strftime(_time,"%Y-%m-%d") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO] |eval partenaire="$partenaire$"</set>
</condition>
<condition match="NOT match('value', "*")">
<set token="new_search">index=rcd earliest=@mon latest=now |search $partenaire$ |eval date_appel=strftime(_time,"%b %y") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws, values(date_appel) as date_appel by partenaire |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO |append [ search index=rcd $partenaire$ earliest=-1d@d latest=@d |eval time=strftime(_time,"%Y-%m-%d") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |mvexpand partenaire |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO]</set>
</condition>
</change>
<fieldForLabel>partenaire</fieldForLabel>
<fieldForValue>partenaire</fieldForValue>
</input>
<html>
<div id="htmlPanelWithToken">
</div>
</html>
</panel>
</row>

I use two searches with a value condition depending on the value of filter : partenaire.

I need to use this search to make it work with my js script.
I don't know how to add the value conditions to the query below.

<search id="mySearch">
<done>
<set token="tokHTML">$result.data$</set>
</done>
<query>index=rcd_statuts_count libelle=web_service_supervision_count | search partenaire IN ($partenaire$) |eval date_appel=strftime(_time,"%b %y")|table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO | eventstats sum(nb_appel_OK) as sum_nb_appel_ok sum(nb_appel_KO) as sum_nb_appel_ko |append [ search index=rcd earliest=-1d@d latest=@d | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO | eventstats sum(nb_appel_OK) as sum_nb_appel_ok sum(nb_appel_KO) as sum_nb_appel_ko]</query>
<done>
<condition>
<set token="nom_ws">$nom_ws$</set>
<set token="partenaire">$partenaire$</set>
<set token="date_appel">$date_appel$</set>
<set token="sum_nb_appel_ok">$result.sum_nb_appel_ok$</set>
<set token="sum_nb_appel_ko">$result.sum_nb_appel_ko$</set>
</condition>
</done>

Thank you so much

kamlesh_vaghela · ‎06-26-2023

@anissabnk

I'm sharing a basic example that shows how we can use Splunk JS Extension to set/get and access the events of inputs.

JS

require([
    'underscore',
    'jquery',
    'splunkjs/mvc',
    'splunkjs/mvc/simplexml/ready!'
], function (_, $, mvc) {
    var submittedTokenModel = mvc.Components.get("submitted");
    var defaultTokenModel = mvc.Components.get('default');

    submittedTokenModel.on("change:partenaire", function () {
        var form_tkn_partenaire = submittedTokenModel.get('form.partenaire');
        console.log(form_tkn_partenaire);
        if (form_tkn_partenaire == "*") {
            setToken("newSearch", "| makeresults count=10 | eval a=1 | accum a | table a | eval search=\"Hey, This search is for Star value\"");
            setToken("isStarSelected", "Yes");

        }
        else {
            setToken("newSearch", "| makeresults count=10 | eval a=1 | accum a | table a | eval search=\"Hey, This search is for \" . a . \" value\"");
            setToken("isStarSelected", "No");
        }
    });

    function setToken(tokenName, tokenValue) {
        defaultTokenModel.set(tokenName, tokenValue);
        submittedTokenModel.set(defaultTokenModel.toJSON());
        console.log(tokenName);
        console.log(tokenValue);
    }
});

XML

<form version="1.1" script="a.js">
  <label>Custom dashboard with js</label>
  <fieldset submitButton="false">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="partenaire" searchWhenChanged="true">
      <label>PARTENAIRE</label>
      <search>
        <query>| makeresults count=10 | eval partenaire=1 | accum partenaire | table partenaire</query>
        <earliest>$earliest$</earliest>
        <latest>$latest$</latest>
      </search>
      <choice value="*">ALL</choice>
      <initialValue>*</initialValue>
      <default>*</default>
      <fieldForLabel>partenaire</fieldForLabel>
      <fieldForValue>partenaire</fieldForValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <html>
      <div id="htmlPanelWithToken">
        $isStarSelected$
      </div>
      </html>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <title>
        $isStarSelected$</title>
        <search>
          <query>$newSearch$</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

I hope this will help you to resolve your issue.

Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.

How do I make a Custom dashboard with js?

configuration

using Splunk Enterprise

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

How do I make a Custom dashboard with js?

configuration

using Splunk Enterprise

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?