Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I show/hide table columns?

BobKimata
Path Finder
‎12-01-2015 12:37 AM

I have several tables that are populated by an SQL query. I would like to have options to show or hide columns depending on what the user wants to see.

Cheers,
Bob

Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎12-01-2015 12:52 AM

An easy solution would be to place a multiselect input above the table and give it some static options containing the field names. For "Delimiter" of the input, you enter a space, and at the end of the search powering the table, you simply place ... | table $token$ where token is the same name you gave the token in the input.

You should probably set some entries by default in the multiselect.

Update: In the meantime I also added a sorting capability to the multiselect which makes this even more useful. For anyone interested, add this js to your dashboard:

require([
        'jquery',
        'splunkjs/mvc',
        'splunkjs/mvc/simplexml/ready!'
    ], function ($, mvc) {

    var tokens = mvc.Components.getInstance('default');
    var hidden_input = $("#your_input_id_here > div > input");

    hidden_input.select2("container").find("ul.select2-choices").sortable({
        containment: 'parent',
        start: function() {
            hidden_input.select2("onSortStart");
        },
        update: function() {
            hidden_input.select2("onSortEnd");
            tokens.set("form.field_tok", hidden_input.val().split(','));
        }
    });
});

And voila, you can move those entries around with your mouse. You might want to add some css and change the mouse cursor over multiselect entries to an arrow or something.

View solution in original post

Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎12-01-2015 12:52 AM

An easy solution would be to place a multiselect input above the table and give it some static options containing the field names. For "Delimiter" of the input, you enter a space, and at the end of the search powering the table, you simply place ... | table $token$ where token is the same name you gave the token in the input.

You should probably set some entries by default in the multiselect.

Update: In the meantime I also added a sorting capability to the multiselect which makes this even more useful. For anyone interested, add this js to your dashboard:

require([
        'jquery',
        'splunkjs/mvc',
        'splunkjs/mvc/simplexml/ready!'
    ], function ($, mvc) {

    var tokens = mvc.Components.getInstance('default');
    var hidden_input = $("#your_input_id_here > div > input");

    hidden_input.select2("container").find("ul.select2-choices").sortable({
        containment: 'parent',
        start: function() {
            hidden_input.select2("onSortStart");
        },
        update: function() {
            hidden_input.select2("onSortEnd");
            tokens.set("form.field_tok", hidden_input.val().split(','));
        }
    });
});

And voila, you can move those entries around with your mouse. You might want to add some css and change the mouse cursor over multiselect entries to an arrow or something.

Reply
Solved! Jump to solution

BobKimata
Path Finder
‎12-01-2015 08:17 AM

Managed to get it working.

0 Karma
Reply
Solved! Jump to solution

BobKimata
Path Finder
‎12-01-2015 01:44 AM

Thanks for the solution. It works, however, it tends to sort my table alphabetically and not the way it appears in my SQL query. This interferes with my drilldowns. I have put * as my default value. I have populated my multiselect with fieldnames using an SQL query as well.

0 Karma
Reply
Solved! Jump to solution

jeffland
SplunkTrust
SplunkTrust
‎12-01-2015 01:54 AM

Are you referring to the order of your columns or your rows? Columns are usually always sorted lexicographically, except specified explicitly (the order in which you list them after a table or fields command). You can also consider changing the search to something like this

... | table _time id $token$

so that the table will always have a timestamp and and an id first place (or whatever you have in your data that is always present, such as host or source).
You should also consider having an explicit selection of fields per default in your multiselect instead of an asterisk. This would on the one hand solve your problem of lexicographic order within the columns (which the asterisk does), and it would also allow the user to de-select specific columns from the standard selection.

0 Karma
Reply
Solved! Jump to solution

BobKimata
Path Finder
‎12-01-2015 07:28 AM

Thanks a lot. It worked well. The other challenge is that the fields are many so it doesn't look good on the dashboard. I need to increase the width of the multiselect. I have looked on all forums but their solutions aren't working. Am using Splunk 6. Tried overriding the default width using css but it hasn't worked.

0 Karma
Reply
Solved! Jump to solution

jeffland
SplunkTrust
SplunkTrust
‎12-01-2015 11:09 PM

Have you tried this method of giving your item an id and changing it via id?

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...