Splunk Web Framework Javascript SingleView Tokens:...

rkeq0515 · ‎07-29-2022

I am attempting to convert most of my xml to javascript in my dashboards. I have several single values that I can click on and show that specific data in the table. For example, one particular single value is Blacklisted. When I click on the numeric value, it shows details of files, md5, sha256, dates, etc that have been tagged as blacklisted. In XML my token is set as follows:

<set token="tkblacklist">blacklist IN (t)</set>

I filter on "true." The token is used in my table, and I get a list of blacklisted entities.

... | search $tkblacklist$

Screenshot below is a sample of the current dashboard functionality.

When I try to do this in javascript, I am confused how to apply the token using the SingleView and pass the token to the TableView. I have done a lot of reading, watching videos, and trial and error, but I can't seem to get this right. Most of the examples are for text inputs, dropdowns, and muti-select features.

My test.js file

require([
    'underscore',
    'backbone',
    'splunkjs/mvc',
    'splunkjs/mvc/searchmanager',
    'splunkjs/mvc/postprocessmanager',
    'splunkjs/mvc/singleview',
    'splunkjs/mvc/tableview',
    'splunkjs/mvc/simplexml/ready!'
], function(_, Backbone, mvc, SearchManager, PostProcessManager, SingleView, TableView) {

 var baseSearch = new SearchManager({
            id: "baseSearch",
            preview: true,
            cache: false,
            search: "| tstats count values(modproc.process) AS process from datamodel=dmname.modproc where nodename=modproc by modproc.blacklist modproc.process modproc.md5"

// Blacklisted

       var blacklistProcesses = new PostProcessManager({
        id: "blacklistProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | search blacklist IN (\"t\") | stats count"
        });

       new SingleView({
        id: "blacklistProcesses_Dashboard",
        managerid: "blacklistProcesses",
        height: "50",
        el: $("#blacklistProc")
       }).render();

// Get your div
    var my_div = $("#blacklistProc");

// Respond to clicks
    my_div.on("click", function(e) {
        var tokens = mvc.Components.get("submitted");
        tokens.set("mytoken", "| search blacklist IN (\"t\")");
    });

// Process Table View
       var tableProcesses = new PostProcessManager({
        id: "tableProcesses",
        managerid: "baseSearch",
        search: "| rename modproc.* AS * | $mytoken$"
        }, {tokens: true});

       new TableView({
        id: "tblProcess",
        managerid: "tableProcesses",
        pageSize: "50",
        el: $("#tableProc")
      }).render();
    });

My XML

<dashboard script="test.js" stylesheet="test.css" theme="dark">
  <label>Test Javascript Dashboard</label>
  <row>
     <panel>
      <html>

      <h3 class="MainHeading"> Blacklisted </h3> 
      <div id="blacklistProc"/>
   
    </html>
    </panel>
</row>

  <row>
    <panel>
      <title>My Table</title>
      <html>
        <div id="tableProc"/>
     </html>
    </panel>
  </row>
</dashboard>

I have also tried to use drilldown in the SingleView, but that just opens the Search window.

Thanks

Splunk Web Framework Javascript SingleView Tokens: How to convert most of my xml to javascript in my dashboards?

configuration

using Splunk Enterprise

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation