My customer has asked me to create a dashboard for the errors in OS logs, and as there are plenty, he wants to know whether a particular error has been acknowledged or not. So he has asked me to create a button in each row of a table which will show on click that it has been acknowledged.
1: Add this to each report: | streamstats count AS _serial, to add an invisible field named _serial to each event/row.
2: Create a DB in your Search Head's KV Store that contains SID and _serial and an acknowledged boolean.
3: Create a dashboard that pulls the report in using the saved_searches REST API to get the SID, load the events with loadjob, add in the boolean values for each row from the KV store, and present the custom view with the added column to flip the acknowledged boolean.
Please do elaborate on how this can be done with @sideview's most excellent utils and also why you would like another alternative.
Thanks woodcock! Since the question is about doing this without Sideview Utils, I'll be as brief as I can. This sort of thing, wedging arbitrary UI into table cells, is done using the "table embedding" feature of the Sideview Table module. The only docs and examples are in the Sideview Utils app itself, but they are decent and there's an example of putting in a button. Just like woodcock says, there are other bits just as important, concerning how you manage (i.e. remember) the state of the previously acknowledged rows.
And I think your comment about "then it wouldn't allow me to export..." is referring to the fact that simpleXML views can be exported to HTML views. However, Sideview XML views cannot. This is indeed the case. And I'm sorry but I do not know, short of writing quite a lot of custom code, of any way to implement the same thing from scratch in a SplunkJS / "html view". Hopefully someone else who is more of an expert in that area can give you a more definitive answer there.
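The state handling from steps 2 and 3 of the answer above, as an added example that is not code from either poster: it merges stored flags onto rows loaded from a job and builds the KV Store batch_save call that a button click would send. The app name, collection name and the acked_by field are assumptions, and the sample rows are constructed.

```python
import json

# Assumed names, not from the thread: app, collection and the acked_by field.
APP = "search"
COLLECTION = "os_error_acks"
BATCH_SAVE = f"/servicesNS/nobody/{APP}/storage/collections/data/{COLLECTION}/batch_save"


def ack_key(sid, serial):
    """One KV Store record per (SID, _serial) pair, as in step 2."""
    return f"{sid}:{serial}"


def merge_acks(rows, sid, ack_records):
    """Step 3: add the stored boolean to each row loaded from the job.

    Rows with no record in the collection count as not acknowledged.
    """
    state = {r["_key"]: bool(r.get("acknowledged")) for r in ack_records}
    return [dict(row, acknowledged=state.get(ack_key(sid, row["_serial"]), False))
            for row in rows]


def toggle_request(sid, row, user):
    """Build the REST call for a button click: (path, JSON body).

    batch_save inserts the record if the key is new and replaces it otherwise.
    """
    record = {"_key": ack_key(sid, row["_serial"]), "sid": sid,
              "serial": row["_serial"],
              "acknowledged": not row["acknowledged"],
              "acked_by": user}  # who clicked, kept for audit (assumed field)
    return BATCH_SAVE, json.dumps([record])


# Constructed sample data standing in for loadjob output and collection contents.
SID = "scheduler__admin__search__os_errors_at_1700000000_1"
ROWS = [{"_serial": "1", "message": "I/O error on sda"},
        {"_serial": "2", "message": "Out of memory"}]
ACKS = [{"_key": ack_key(SID, "2"), "acknowledged": True}]

if __name__ == "__main__":
    merged = merge_acks(ROWS, SID, ACKS)
    for row in merged:
        print(row["_serial"], row["message"], row["acknowledged"])
    print(toggle_request(SID, merged[0], "alice"))
```

Because a scheduled report gets a new SID on every run, records keyed this way apply only to the results of that one job.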