Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Web Framework Javascript SingleView Tokens: How to convert most of my xml to javascript in my dashboards?

rkeq0515
Path Finder
‎07-29-2022 12:03 PM

I am attempting to convert most of my xml to javascript in my dashboards.  I have several single values that I can click on and show that specific data in the table.  For example, one particular single value is Blacklisted.  When I click on the numeric value, it shows details of files, md5, sha256, dates, etc that have been tagged as blacklisted.  In XML my token is set as follows:

 

<set token="tkblacklist">blacklist IN (t)</set>

 

I filter on "true."  The token is used in my table, and I get a list of blacklisted entities.

 

... | search $tkblacklist$

 

  

Screenshot below is a sample of the current dashboard functionality.

rkeq0515_0-1659120644372.png

 

When I try to do this in javascript, I am confused how to apply the token using the SingleView and pass the token to the TableView.  I have done a lot of reading, watching videos, and trial and error, but I can't seem to get this right.  Most of the examples are for text inputs, dropdowns, and muti-select features.

My test.js file

 

require([
    'underscore',
    'backbone',
    'splunkjs/mvc',
    'splunkjs/mvc/searchmanager',
    'splunkjs/mvc/postprocessmanager',
    'splunkjs/mvc/singleview',
    'splunkjs/mvc/tableview',
    'splunkjs/mvc/simplexml/ready!'
], function(_, Backbone, mvc, SearchManager, PostProcessManager, SingleView, TableView) {

 var baseSearch = new SearchManager({
            id: "baseSearch",
            preview: true,
            cache: false,
            search: "| tstats count values(modproc.process) AS process from datamodel=dmname.modproc where nodename=modproc by modproc.blacklist modproc.process modproc.md5"

// Blacklisted

       var blacklistProcesses = new PostProcessManager({
        id: "blacklistProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | search blacklist IN (\"t\") | stats count"
        });

       new SingleView({
        id: "blacklistProcesses_Dashboard",
        managerid: "blacklistProcesses",
        height: "50",
        el: $("#blacklistProc")
       }).render();

// Get your div
    var my_div = $("#blacklistProc");

// Respond to clicks
    my_div.on("click", function(e) {
        var tokens = mvc.Components.get("submitted");
        tokens.set("mytoken", "| search blacklist IN (\"t\")");
    });

// Process Table View
       var tableProcesses = new PostProcessManager({
        id: "tableProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | $mytoken$"
        }, {tokens: true});

       new TableView({
        id: "tblProcess",
        managerid: "tableProcesses",
        pageSize: "50",
        el: $("#tableProc")
      }).render();
    });

 

 My XML

 

<dashboard script="test.js" stylesheet="test.css" theme="dark">
  <label>Test Javascript Dashboard</label>
  <row>
     <panel>
      <html>

      <h3 class="MainHeading"> Blacklisted </h3> 
      <div id="blacklistProc"/>
   
    </html>
    </panel>
</row>

  <row>
    <panel>
      <title>My Table</title>
      <html>
        <div id="tableProc"/>
     </html>
    </panel>
  </row>
</dashboard>

 

 

I have also tried to use drilldown in the SingleView, but that just opens the Search window.

Thanks

 

Labels (2)
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...
Top