Splunk Web Framework Javascript SingleView Tokens:...

rkeq0515 · ‎07-29-2022

I am attempting to convert most of my xml to javascript in my dashboards. I have several single values that I can click on and show that specific data in the table. For example, one particular single value is Blacklisted. When I click on the numeric value, it shows details of files, md5, sha256, dates, etc that have been tagged as blacklisted. In XML my token is set as follows:

<set token="tkblacklist">blacklist IN (t)</set>

I filter on "true." The token is used in my table, and I get a list of blacklisted entities.

... | search $tkblacklist$

Screenshot below is a sample of the current dashboard functionality.

When I try to do this in javascript, I am confused how to apply the token using the SingleView and pass the token to the TableView. I have done a lot of reading, watching videos, and trial and error, but I can't seem to get this right. Most of the examples are for text inputs, dropdowns, and muti-select features.

My test.js file

require([
    'underscore',
    'backbone',
    'splunkjs/mvc',
    'splunkjs/mvc/searchmanager',
    'splunkjs/mvc/postprocessmanager',
    'splunkjs/mvc/singleview',
    'splunkjs/mvc/tableview',
    'splunkjs/mvc/simplexml/ready!'
], function(_, Backbone, mvc, SearchManager, PostProcessManager, SingleView, TableView) {

 var baseSearch = new SearchManager({
            id: "baseSearch",
            preview: true,
            cache: false,
            search: "| tstats count values(modproc.process) AS process from datamodel=dmname.modproc where nodename=modproc by modproc.blacklist modproc.process modproc.md5"

// Blacklisted

       var blacklistProcesses = new PostProcessManager({
        id: "blacklistProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | search blacklist IN (\"t\") | stats count"
        });

       new SingleView({
        id: "blacklistProcesses_Dashboard",
        managerid: "blacklistProcesses",
        height: "50",
        el: $("#blacklistProc")
       }).render();

// Get your div
    var my_div = $("#blacklistProc");

// Respond to clicks
    my_div.on("click", function(e) {
        var tokens = mvc.Components.get("submitted");
        tokens.set("mytoken", "| search blacklist IN (\"t\")");
    });

// Process Table View
       var tableProcesses = new PostProcessManager({
        id: "tableProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | $mytoken$"
        }, {tokens: true});

       new TableView({
        id: "tblProcess",
        managerid: "tableProcesses",
        pageSize: "50",
        el: $("#tableProc")
      }).render();
    });

My XML

<dashboard script="test.js" stylesheet="test.css" theme="dark">
  <label>Test Javascript Dashboard</label>
  <row>
     <panel>
      <html>

      <h3 class="MainHeading"> Blacklisted </h3> 
      <div id="blacklistProc"/>
   
    </html>
    </panel>
</row>

  <row>
    <panel>
      <title>My Table</title>
      <html>
        <div id="tableProc"/>
     </html>
    </panel>
  </row>
</dashboard>

I have also tried to use drilldown in the SingleView, but that just opens the Search window.

Thanks

Splunk Web Framework Javascript SingleView Tokens: How to convert most of my xml to javascript in my dashboards?

configuration

using Splunk Enterprise

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Are you a member of the Splunk Community?