Splunk Search

Self defined variable format in javascript search query

clement
Explorer

I found many token based variable search examples online but not on own created variable in customized Javascript. E.g: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEWY

May I know how to define mixture of self defined and token based variable in Javascript search query e.g variable "filename" and "alertid" in the example follow?

// partial javascript code:
var alertid= tokens.get("alertid_token"); //tokens received
var filename = "1512234117_372926.png"; //own created variable

   // Search Manager - Make a search using tokens obtained
    var search = new SearchManager({
        "id": "search_img",
        "earliest_time": "-5m@m",
        "latest_time": "now",
        "search":"| imgsearch alertid filename",  // are these variable format correct?
        "cancelOnUnload": true,
        "autostart": false,
       "auto_cancel": 90,
        "preview": false,
        "cache": false
    });
Tags (1)
0 Karma
1 Solution

clement
Explorer

@niketnilay, thank you for your reply.

I tested your suggestion, however it is not working.

The two "console.log(alertid);" and "console.log(filename);" before search execution output are correct, but "Search started" or "search:done" status is not shown.

Please find the my complete JS code follows:

require([
"splunkjs/mvc",
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/simplexml/ready!"
], function(mvc) {

var SearchManager = require("splunkjs/mvc/searchmanager");

// Get the Events table
var myEventsTable = mvc.Components.get('myevents');


// Respond to a click event
myEventsTable.on("click", function(e) {


    // Get the default model
    var tokens = mvc.Components.get("default");
    var alertid= tokens.get("src_type_tok");
    var ctime = new Date().getTime();

    // create file and path var
    var filename = ctime + "_" + alertid + ".png";

    console.log(alertid);
    console.log(filename);

    var search = new SearchManager({
         "id": "search_img",
         "earliest_time": "-5m@m",
         "latest_time": "now",
         "search": "| imgsearch $alertid$ $filename$",    // this one not working
       //"search": "| imgsearch 3215687 153857376_3215687.png",   // this is working fine
         "cancelOnUnload": true,
         "autostart": false,
         "auto_cancel": 90,
         "preview": false,
         "cache": false,
         "tokenDependencies": {
         },
         "runWhenTimeIsUndefined": false
    }, {tokens: true, tokenNamespace: "submitted"});

    console.log("after search function");

    search.on('search:failed', function() {
        console.log("Search failed");
    }.bind(this));

    search.on("search:start", function() {
        console.log("Search started");
    }.bind(this));

    search.on("search:done", function() {
        console.log("Search completed");
    }.bind(this));

    // Start the search
    search.startSearch();
});

});

View solution in original post

0 Karma

clement
Explorer

@niketnilay, thank you for your reply.

I tested your suggestion, however it is not working.

The two "console.log(alertid);" and "console.log(filename);" before search execution output are correct, but "Search started" or "search:done" status is not shown.

Please find the my complete JS code follows:

require([
"splunkjs/mvc",
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/simplexml/ready!"
], function(mvc) {

var SearchManager = require("splunkjs/mvc/searchmanager");

// Get the Events table
var myEventsTable = mvc.Components.get('myevents');


// Respond to a click event
myEventsTable.on("click", function(e) {


    // Get the default model
    var tokens = mvc.Components.get("default");
    var alertid= tokens.get("src_type_tok");
    var ctime = new Date().getTime();

    // create file and path var
    var filename = ctime + "_" + alertid + ".png";

    console.log(alertid);
    console.log(filename);

    var search = new SearchManager({
         "id": "search_img",
         "earliest_time": "-5m@m",
         "latest_time": "now",
         "search": "| imgsearch $alertid$ $filename$",    // this one not working
       //"search": "| imgsearch 3215687 153857376_3215687.png",   // this is working fine
         "cancelOnUnload": true,
         "autostart": false,
         "auto_cancel": 90,
         "preview": false,
         "cache": false,
         "tokenDependencies": {
         },
         "runWhenTimeIsUndefined": false
    }, {tokens: true, tokenNamespace: "submitted"});

    console.log("after search function");

    search.on('search:failed', function() {
        console.log("Search failed");
    }.bind(this));

    search.on("search:start", function() {
        console.log("Search started");
    }.bind(this));

    search.on("search:done", function() {
        console.log("Search completed");
    }.bind(this));

    // Start the search
    search.startSearch();
});

});

0 Karma

niketn
Legend

@clement, what you are trying to do can be done in Simple XML itself. Any specific reason for JavaScript?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

clement
Explorer

@niketnilay, indeed you have just highlighted a good pointer for me to find a workaround, thank you.

I refer to the following workaround, it work fine for my requirement:
https://answers.splunk.com/answers/239159/multiple-base-searches-in-a-dasboard-with-post-pro.html

Thanks again for sharing your information 🙂

0 Karma

niketn
Legend

@clement, seems like you are using post processing to overcome the issue you were facing. While init section to initialize token is a different approach. But I am glad you found something working for you.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

niketn
Legend

@clement, I believe imgsearch is your custom SPL command. The tokens in search string should be placed withing dollar signs i.e.

|  imgsearch $filename$ $alert_id$

Following is what your search might look like with the changes.

var search = new SearchManager({
            "id": "search_img",
            "earliest_time": "-5m@m",
            "latest_time": "now",
            "search": "|  imgsearch $filename$ $alert_id$",
            "cancelOnUnload": true,
            "autostart": false,
            "auto_cancel": 90,
            "preview": false,
            "cache": false,
            "tokenDependencies": {
            },
            "runWhenTimeIsUndefined": false
        }, {tokens: true, tokenNamespace: "submitted"});

PS: From Splunk Enterprise 6.5 onward, if you are not using HTML Dashboards you should have <init> section in Simple XML dashboard which should allow you to initialize your own static tokens like filename. Which implies you do not require Simple XML JavaScript Extension for such scenarios. (PS: init section does not work in HTML Dashboard or after conversion to HTML Dashboard.)

  <init>
    <set token="filename">1512234117_372926.png</set>
  </init>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...