Splunk Enterprise

Splunk Web Framework Javascript SingleView Tokens: How to convert most of my xml to javascript in my dashboards?

rkeq0515
Path Finder

I am attempting to convert most of my xml to javascript in my dashboards.  I have several single values that I can click on and show that specific data in the table.  For example, one particular single value is Blacklisted.  When I click on the numeric value, it shows details of files, md5, sha256, dates, etc that have been tagged as blacklisted.  In XML my token is set as follows:

 

<set token="tkblacklist">blacklist IN (t)</set>

 

I filter on "true."  The token is used in my table, and I get a list of blacklisted entities.

 

... | search $tkblacklist$

 

  

Screenshot below is a sample of the current dashboard functionality.

rkeq0515_0-1659120644372.png

 

When I try to do this in javascript, I am confused how to apply the token using the SingleView and pass the token to the TableView.  I have done a lot of reading, watching videos, and trial and error, but I can't seem to get this right.  Most of the examples are for text inputs, dropdowns, and muti-select features.

My test.js file

 

require([
    'underscore',
    'backbone',
    'splunkjs/mvc',
    'splunkjs/mvc/searchmanager',
    'splunkjs/mvc/postprocessmanager',
    'splunkjs/mvc/singleview',
    'splunkjs/mvc/tableview',
    'splunkjs/mvc/simplexml/ready!'
], function(_, Backbone, mvc, SearchManager, PostProcessManager, SingleView, TableView) {

 var baseSearch = new SearchManager({
            id: "baseSearch",
            preview: true,
            cache: false,
            search: "| tstats count values(modproc.process) AS process from datamodel=dmname.modproc where nodename=modproc by modproc.blacklist modproc.process modproc.md5"

// Blacklisted

       var blacklistProcesses = new PostProcessManager({
        id: "blacklistProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | search blacklist IN (\"t\") | stats count"
        });

       new SingleView({
        id: "blacklistProcesses_Dashboard",
        managerid: "blacklistProcesses",
        height: "50",
        el: $("#blacklistProc")
       }).render();

// Get your div
    var my_div = $("#blacklistProc");

// Respond to clicks
    my_div.on("click", function(e) {
        var tokens = mvc.Components.get("submitted");
        tokens.set("mytoken", "| search blacklist IN (\"t\")");
    });

// Process Table View
       var tableProcesses = new PostProcessManager({
        id: "tableProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | $mytoken$"
        }, {tokens: true});

       new TableView({
        id: "tblProcess",
        managerid: "tableProcesses",
        pageSize: "50",
        el: $("#tableProc")
      }).render();
    });


 

 My XML

 

<dashboard script="test.js" stylesheet="test.css" theme="dark">
  <label>Test Javascript Dashboard</label>
  <row>
     <panel>
      <html>

      <h3 class="MainHeading"> Blacklisted </h3> 
      <div id="blacklistProc"/>
   
    </html>
    </panel>
</row>

  <row>
    <panel>
      <title>My Table</title>
      <html>
        <div id="tableProc"/>
     </html>
    </panel>
  </row>
</dashboard>

 

 

I have also tried to use drilldown in the SingleView, but that just opens the Search window.

Thanks

 

Labels (2)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...