Splunk Web Framework Javascript SingleView Tokens:...

rkeq0515 · ‎07-29-2022

I am attempting to convert most of my xml to javascript in my dashboards. I have several single values that I can click on and show that specific data in the table. For example, one particular single value is Blacklisted. When I click on the numeric value, it shows details of files, md5, sha256, dates, etc that have been tagged as blacklisted. In XML my token is set as follows:

<set token="tkblacklist">blacklist IN (t)</set>

I filter on "true." The token is used in my table, and I get a list of blacklisted entities.

... | search $tkblacklist$

Screenshot below is a sample of the current dashboard functionality.

When I try to do this in javascript, I am confused how to apply the token using the SingleView and pass the token to the TableView. I have done a lot of reading, watching videos, and trial and error, but I can't seem to get this right. Most of the examples are for text inputs, dropdowns, and muti-select features.

My test.js file

require([
    'underscore',
    'backbone',
    'splunkjs/mvc',
    'splunkjs/mvc/searchmanager',
    'splunkjs/mvc/postprocessmanager',
    'splunkjs/mvc/singleview',
    'splunkjs/mvc/tableview',
    'splunkjs/mvc/simplexml/ready!'
], function(_, Backbone, mvc, SearchManager, PostProcessManager, SingleView, TableView) {

 var baseSearch = new SearchManager({
            id: "baseSearch",
            preview: true,
            cache: false,
            search: "| tstats count values(modproc.process) AS process from datamodel=dmname.modproc where nodename=modproc by modproc.blacklist modproc.process modproc.md5"

// Blacklisted

       var blacklistProcesses = new PostProcessManager({
        id: "blacklistProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | search blacklist IN (\"t\") | stats count"
        });

       new SingleView({
        id: "blacklistProcesses_Dashboard",
        managerid: "blacklistProcesses",
        height: "50",
        el: $("#blacklistProc")
       }).render();

// Get your div
    var my_div = $("#blacklistProc");

// Respond to clicks
    my_div.on("click", function(e) {
        var tokens = mvc.Components.get("submitted");
        tokens.set("mytoken", "| search blacklist IN (\"t\")");
    });

// Process Table View
       var tableProcesses = new PostProcessManager({
        id: "tableProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | $mytoken$"
        }, {tokens: true});

       new TableView({
        id: "tblProcess",
        managerid: "tableProcesses",
        pageSize: "50",
        el: $("#tableProc")
      }).render();
    });

My XML

<dashboard script="test.js" stylesheet="test.css" theme="dark">
  <label>Test Javascript Dashboard</label>
  <row>
     <panel>
      <html>

      <h3 class="MainHeading"> Blacklisted </h3> 
      <div id="blacklistProc"/>
   
    </html>
    </panel>
</row>

  <row>
    <panel>
      <title>My Table</title>
      <html>
        <div id="tableProc"/>
     </html>
    </panel>
  </row>
</dashboard>

I have also tried to use drilldown in the SingleView, but that just opens the Search window.

Thanks

Splunk Web Framework Javascript SingleView Tokens: How to convert most of my xml to javascript in my dashboards?

configuration

using Splunk Enterprise

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Splunk Observability Metrics Cost Optimization

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation