Splunk Enterprise

Splunk Web Framework Javascript SingleView Tokens: How to convert most of my xml to javascript in my dashboards?

Path Finder

I am attempting to convert most of my xml to javascript in my dashboards.  I have several single values that I can click on and show that specific data in the table.  For example, one particular single value is Blacklisted.  When I click on the numeric value, it shows details of files, md5, sha256, dates, etc that have been tagged as blacklisted.  In XML my token is set as follows:


<set token="tkblacklist">blacklist IN (t)</set>


I filter on "true."  The token is used in my table, and I get a list of blacklisted entities.


... | search $tkblacklist$



Screenshot below is a sample of the current dashboard functionality.



When I try to do this in javascript, I am confused how to apply the token using the SingleView and pass the token to the TableView.  I have done a lot of reading, watching videos, and trial and error, but I can't seem to get this right.  Most of the examples are for text inputs, dropdowns, and muti-select features.

My test.js file


], function(_, Backbone, mvc, SearchManager, PostProcessManager, SingleView, TableView) {

 var baseSearch = new SearchManager({
            id: "baseSearch",
            preview: true,
            cache: false,
            search: "| tstats count values(modproc.process) AS process from datamodel=dmname.modproc where nodename=modproc by modproc.blacklist modproc.process modproc.md5"

// Blacklisted

       var blacklistProcesses = new PostProcessManager({
        id: "blacklistProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | search blacklist IN (\"t\") | stats count"

       new SingleView({
        id: "blacklistProcesses_Dashboard",
        managerid: "blacklistProcesses",
        height: "50",
        el: $("#blacklistProc")

// Get your div
    var my_div = $("#blacklistProc");

// Respond to clicks
    my_div.on("click", function(e) {
        var tokens = mvc.Components.get("submitted");
        tokens.set("mytoken", "| search blacklist IN (\"t\")");

// Process Table View
       var tableProcesses = new PostProcessManager({
        id: "tableProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | $mytoken$"
        }, {tokens: true});

       new TableView({
        id: "tblProcess",
        managerid: "tableProcesses",
        pageSize: "50",
        el: $("#tableProc")




<dashboard script="test.js" stylesheet="test.css" theme="dark">
  <label>Test Javascript Dashboard</label>

      <h3 class="MainHeading"> Blacklisted </h3> 
      <div id="blacklistProc"/>

      <title>My Table</title>
        <div id="tableProc"/>



I have also tried to use drilldown in the SingleView, but that just opens the Search window.



Labels (3)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...