I am attempting to convert most of my xml to javascript in my dashboards. I have several single values that I can click on and show that specific data in the table. For example, one particular single value is Blacklisted. When I click on the numeric value, it shows details of files, md5, sha256, dates, etc that have been tagged as blacklisted. In XML my token is set as follows:
<set token="tkblacklist">blacklist IN (t)</set>
I filter on "true." The token is used in my table, and I get a list of blacklisted entities.
... | search $tkblacklist$
Screenshot below is a sample of the current dashboard functionality.
When I try to do this in javascript, I am confused how to apply the token using the SingleView and pass the token to the TableView. I have done a lot of reading, watching videos, and trial and error, but I can't seem to get this right. Most of the examples are for text inputs, dropdowns, and muti-select features.
My test.js file
require([
'underscore',
'backbone',
'splunkjs/mvc',
'splunkjs/mvc/searchmanager',
'splunkjs/mvc/postprocessmanager',
'splunkjs/mvc/singleview',
'splunkjs/mvc/tableview',
'splunkjs/mvc/simplexml/ready!'
], function(_, Backbone, mvc, SearchManager, PostProcessManager, SingleView, TableView) {
var baseSearch = new SearchManager({
id: "baseSearch",
preview: true,
cache: false,
search: "| tstats count values(modproc.process) AS process from datamodel=dmname.modproc where nodename=modproc by modproc.blacklist modproc.process modproc.md5"
// Blacklisted
var blacklistProcesses = new PostProcessManager({
id: "blacklistProcesses",
managerid: "baseSearch",
search: "| rename modproc.* AS * | search blacklist IN (\"t\") | stats count"
});
new SingleView({
id: "blacklistProcesses_Dashboard",
managerid: "blacklistProcesses",
height: "50",
el: $("#blacklistProc")
}).render();
// Get your div
var my_div = $("#blacklistProc");
// Respond to clicks
my_div.on("click", function(e) {
var tokens = mvc.Components.get("submitted");
tokens.set("mytoken", "| search blacklist IN (\"t\")");
});
// Process Table View
var tableProcesses = new PostProcessManager({
id: "tableProcesses",
managerid: "baseSearch",
search: "| rename modproc.* AS * | $mytoken$"
}, {tokens: true});
new TableView({
id: "tblProcess",
managerid: "tableProcesses",
pageSize: "50",
el: $("#tableProc")
}).render();
});
My XML
<dashboard script="test.js" stylesheet="test.css" theme="dark">
<label>Test Javascript Dashboard</label>
<row>
<panel>
<html>
<h3 class="MainHeading"> Blacklisted </h3>
<div id="blacklistProc"/>
</html>
</panel>
</row>
<row>
<panel>
<title>My Table</title>
<html>
<div id="tableProc"/>
</html>
</panel>
</row>
</dashboard>
I have also tried to use drilldown in the SingleView, but that just opens the Search window.
Thanks