@onthakur  Try something like this. index=xyz (X_App_ID=abc API_NAME=abc_123 NOT externalURL) OR ("xmlResponseMapping") |stats values(accountType) as accountType values(accountSubType) as accountSubType by X_Correlation_ID   KV  ... View more

@oO0NeoN0Oo  I think JavaScript Fetch API is not directly available in splunk dashboard js. But you can try this JS code which is working fone for me. var settings = { "url": "https://localhost:8088/services/collector/event", "method": "POST", "timeout": 0, "headers": { "Authorization": "Splunk hec_token", "Content-Type": "application/json" }, "data": JSON.stringify({ "sourcetype": "my_sample_data", "event": "this is my data!" }), }; $.ajax(settings).done(function (response) { console.log(response); });   As you are sending events from the browser you should gothrogh below link as well. https://www.splunk.com/en_us/blog/tips-and-tricks/http-event-collector-and-sending-from-the-browser.html I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge. ... View more

@rohithvr19  The python file should be in bin folder of your app. Can you please confirm whether the individual script is working fine? Have you tried my shared app on your local machine? If my app is working fine then try to add your Python code to this app.    Thanks KV ... View more

@rohithvr19  It looks like there is some error in the endpoint.  Can you please check logs in "splunk/var/log/splunk/python.log"?  Sharing my sample code.  KV ... View more

@rohithvr19  Your script won't work on my machine so I have created a sample script which returns simple "Hello world" text on click of dashboard button. You just create a similar configuration and Python file as per your requirement.  Below is the code and file/folder structure.     hello_world.py import splunk, sys from json import dumps class HelloWorld(splunk.rest.BaseRestHandler): ''' Class for service custom endpoint. ''' def handle_POST(self): ''' This endpoint handler :return: None ''' payload = { "text": "Hello world!" } response = dumps({"data": payload, "status": "OK", "error": "None"}) self.response.setHeader('content-type', 'application/json') self.response.write(response) #handle verbs, otherwise Splunk will throw an error handle_GET = handle_POST   restmap.conf [script:my_custom_endpoint] match = /my_custom_endpoint handler = hello_world.HelloWorld   web.conf [expose:my_custom_endpoint] pattern = my_custom_endpoint methods = GET, POST   XML <dashboard script="fetch_data.js" version="1.1"> <label>My Dashboard</label> <description>Dynamic Result Example</description> <row> <panel> <html> <div> <button id="fetch-data-button">Fetch Data</button> <div id="div_result" style="margin-top: 10px; border: 1px solid #ccc; padding: 10px;">Result will be displayed here.</div> </div> </html> </panel> </row> </dashboard>   fetch_data.js require([ 'jquery', 'splunkjs/mvc', 'splunkjs/mvc/simplexml/ready!' ], function($, mvc) { $('#fetch-data-button').on('click', function() { var service = mvc.createService(); service.post('/services/my_custom_endpoint', {}, function (err, response) { console.log(response); console.log(response.data); console.log(response.data.data); console.log(response.data.data.text); $('#div_result').html(response.data.data.text); }); return false; }); });   Screenshot       Try this code to learn and understand the custom endpoint and develop a new endpoint as per your needs.   I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.     ... View more

@rohithvr19  Please check my answer below. https://community.splunk.com/t5/Dashboards-Visualizations/Can-I-call-a-Python-script-from-a-dashboard-and-output-its/m-p/398088   Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge. ... View more

@timgren  Just remove  util/console  and console form the require block. like require(['jquery', 'underscore', 'splunkjs/mvc'], function($, _, mvc) {   You can directly use console  object in your JS code.   Full code. require(['jquery', 'underscore', 'splunkjs/mvc'], function($, _, mvc) { console.log("hieeeee"); function setToken(name, value) { var defaultTokenModel = mvc.Components.get('default'); if (defaultTokenModel) { defaultTokenModel.set(name, value); } var submittedTokenModel = mvc.Components.get('submitted'); if (submittedTokenModel) { submittedTokenModel.set(name, value); } } // Main $('.dashboard-body').on('click', '[data-on-class],[data-off-class],[data-set-token],[data-unset-token],[data-token-json]', function(e) { e.preventDefault(); console.log("Inside the click"); var target = $(e.currentTarget); console.log("here"); console.log("target.data('on-class')=" + target.data('on-class')); var cssOnClass= target.data('on-class'); var cssOffClass = target.data('off-class'); if (cssOnClass) { $("." + cssOnClass).attr('class', cssOffClass); target.attr('class', cssOnClass); } var setTokenName = target.data('set-token'); if (setTokenName) { setToken(setTokenName, target.data('value')); } var unsetTokenName = target.data('unset-token'); if (unsetTokenName) { var tokens = unsetTokenName.split(","); var arrayLength = tokens.length; for (var i = 0; i < arrayLength; i++) { setToken(tokens[i], undefined); //Do something } //setToken(unsetTokenName, undefined); } var tokenJson = target.data('token-json'); if (tokenJson) { try { if (_.isObject(tokenJson)) { _(tokenJson).each(function(value, key) { if (value == null) { // Unset the token setToken(key, undefined); } else { setToken(key, value); } }); } } catch (e) { console.warn('Cannot parse token JSON: ', e); } } }); }); I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge. ... View more

@catta99  Please check below code function test() { console.log("in test"); } require([ "jquery", "splunkjs/mvc", "splunkjs/mvc/simplexml/ready!" ], function($, mvc) { console.log("hello 2"); function test1() { console.log("in test1"); } $(document).ready(function () { $("#back").click(function(){ alert("button"); var param = $(this).data("param"); console.log(param); console.log("click"); history.back(); }); $("#backtest").click(function(){ test(); alert("Back"); }); $("#back1test").click(function(){ test1(); alert("Back1"); }); }) });   Splunk Web Framework works little different from regular or Native Jquery/Javascript behaviour specially on HTML element. So when you write <button onclick="test()">Back</button> <button onclick="test1()">Back1</button> It may not work bcoz when you run the dashboard, the Dashboard XML is rendering into complied version of JS, CSS and HTML. After all this process it will allow developer to add custom JS, CSS and even custom components through custom JS like button_test.js. So all customisation and the element event handleling will be define in this JS only. Suggestion: Using below code is not best practive. Just code what you want instead of this.history.back(); I hope this will help you. Let me know if you need further help on this. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.   ... View more

@Jeeva  Can you please share your sample code? KV ... View more

@arunsoni  Can you please add the below configurations in props.conf and try? [YOUR_SOURCETYPE] SEDCMD-a=s/^[^{]*//g   Note: it will be applied to new events only.     I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.     ... View more

@anissabnk  Are you looking for this? XML: <dashboard version="1.1" script="dropdown_via_js.js"> <label>Dropdown Via JS</label> <row> <panel> <html> <div id="mydropdownview"></div> </html> </panel> </row> </dashboard>   JS: require([ "splunkjs/mvc/searchmanager", "splunkjs/mvc/dropdownview", "splunkjs/mvc/simplexml/ready!" ], function(SearchManager, DropdownView) { // Use this search to populate the dropdown with index values let my_search = new SearchManager({ id: "example-search", search: "index=_internal |stats count by source |table source" }); // Instantiate components let my_dropdown = new DropdownView({ id: "example-dropdown", managerid: "example-search", labelField: "source", valueField: "source", el: $("#mydropdownview") }).render(); });       I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.     ... View more

Hello @kackerman7  I'm sharing the POC details I worked on a few years ago. If you are using client-server architecture for your External React Application, I suggest checking my architecture which easily integrates with your existing architecture.   Just go through it, try it in your local lab, and let me know if you need more help.    I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.   ... View more

@anooshac  Can you please share your full sample code? KV ... View more

@anooshac  Can you please try this sample code?  Please observe 2nd column width. <dashboard version="1.1" theme="dark"> <label>table column size</label> <row> <panel> <table id="tableColumWidth"> <search> <query>|makeresults count=5 | eval A=random(), B=random(), status=A, action=A</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <html> <style> #tableColumWidth table th:nth-child(2), #tableColumWidth table td:nth-child(2) { width: 1000px !important; overflow-wrap: anywhere !important; } </style> </html> </panel> </row> </dashboard>   I hope this will help you.   Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge. ... View more

@verothor  Have you tried something like this? require([ 'underscore', 'jquery', 'splunkjs/mvc', "splunkjs/mvc/searchmanager", 'splunkjs/mvc/simplexml/ready!' ], function (_, $, mvc, SearchManager) { let mySearch = new SearchManager({ id: "mysearch", autostart: "false", search: '| makeresults | eval test = "This is test" ', preview: false, }, { tokens: true, tokenNamespace: "submitted" }); let mySearchResults = mySearch.data("results"); mySearchResults.on("data", function () { resultArray = mySearchResults.data().rows; console.log("My Data", resultArray); }); $(document).ready(function () { setInterval(function () { mySearch.startSearch(); }, 3000); }); });   Note: This is a sample JS. Just modify as per your requirement.    KV ... View more

@mipa04  I assume tlogParameters filed getting extracted properly. Can you please try the below search? YOUR_SEARCH | eval tlogParameters = replace(tlogParameters, "'","\"") | eval _raw = tlogParameters | spath | rename {}.* as *   My Sample Search : | makeresults | eval tlogParameters="[{'triggeredEventName': 'CustomerLoggedIn', 'owner': 'communicationcenter', 'channel': 'SiteMessage', 'sentOrNotSent': 'Sent', 'reasonNotSent':null}]" | append [| makeresults | eval tlogParameters="[{'triggeredEventName': 'CustomerLoggedIn', 'owner': 'communicationcenter', 'channel': 'SiteMessage', 'sentOrNotSent': 'Sent', 'reasonNotSent':null}]"] | rename comment as "upto now is sample data only" | eval tlogParameters = replace(tlogParameters, "'","\"") | eval _raw = tlogParameters | spath | rename {}.* as *      I hope this will help you. Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated. ... View more

I agree with @ITWhisperer .  and your sample JSON looks like an array of objects also. So please share a masked event here.   Meanwhile, I'm sharing a sample query so that you can start on the solution.  | makeresults | eval params="[{'field1':'value1','field2':'value2','field3':'value3','field4':'value4'}]" | rename comment as "upto now is sample data only" | eval params = replace(params, "'","\"") | eval _raw = params | spath   I have handled a single quote here.   if you have valid JSON then just remove `| eval params = replace(params, "'","\"")` .   Thanks  KV    ... View more

@karthi2809    Are you looking for this? <form version="1.1" theme="dark"> <label>Application</label> <fieldset submitButton="false"> <input type="dropdown" token="BankApp" searchWhenChanged="true"> <label>ApplicationName</label> <choice value="*">All</choice> <search> <query> | makeresults | eval applicationName="Test1,Test2,Test3" | eval applicationName=split(applicationName,",") | stats count by applicationName | table applicationName </query> </search> <fieldForLabel>applicationName</fieldForLabel> <fieldForValue>applicationName</fieldForValue> <default>*</default> <prefix>applicationName="</prefix> <suffix>"</suffix> <change> <condition match="$value$==&quot;*&quot;"> <set token="new_value">applicationName IN ("Test1" , "TEST2" , "Test3")</set> </condition> <condition> <set token="new_value">$BankApp$</set> </condition> </change> </input> <input type="dropdown" token="interface" searchWhenChanged="true"> <label>InterfaceName</label> <choice value="*">All</choice> <search> <query> | inputlookup BankIntegration.csv | search $new_value$ | eval InterfaceName=split(InterfaceName,",") | stats count by InterfaceName | table InterfaceName </query> </search> <fieldForLabel>InterfaceName</fieldForLabel> <fieldForValue>InterfaceName</fieldForValue> <default>*</default> <prefix>InterfaceName="</prefix> <suffix>"</suffix> <change> <condition match="$value$==&quot;*&quot;"> <set token="new_interface">InterfaceName IN ( "USBANK_KYRIBA_ORACLE_CE_BANKSTMTS_INOUT", "USBANK_AP_POSITIVE_PAY", "HSBC_NA_AP_ACH", "USBANK_AP_ACH", "HSBC_EU_KYRIBA_CE_BANKSTMTS_TWIST_INOUT")</set> </condition> <condition> <set token="new_interface">$interface$</set> </condition> </change> </input> </fieldset> <row> <panel> <html> Dropdown Value = $BankApp$ <br/> new_value= $new_value$ <br/> new_interface = $new_interface$ <br/> | inputlookup BankIntegration.csv | search $new_value$ | eval InterfaceName=split(InterfaceName,",") | stats count by InterfaceName | table InterfaceName </html> </panel> </row> </form> ... View more

@karthi2809  Try using `new_value` as a filter in the Interface Drop down.  ... View more

@Vasulaxnik  Can you please share your sample code and JS?  Or Let's follow the community best practice create new questions and tag me for new comments and conversations :).   KV ... View more

@Muthu_Vinith    Are you looking like this?  XML <form version="1.1" theme="dark"> <label>Chechbox</label> <fieldset submitButton="false"> <input type="checkbox" token="checkbox_a"> <label></label> <choice value="panel_a">Panel A</choice> <delimiter> </delimiter> <change> <condition match="$checkbox_a$==&quot;panel_a&quot;" > <set token="tkn_panel_a">1</set> </condition> <condition> <unset token="tkn_panel_a"></unset> </condition> </change> </input> <input type="checkbox" token="checkbox_b"> <label></label> <choice value="panel_b">Panel B</choice> <delimiter> </delimiter> <change> <condition match="$checkbox_b$==&quot;panel_b&quot;" > <set token="tkn_panel_b">1</set> </condition> <condition> <unset token="tkn_panel_b"></unset> </condition> </change> </input> </fieldset> <row> <panel depends="$tkn_panel_a$"> <title>Panel One $checkbox_a$</title> <chart> <search> <query>| makeresults | eval a=100</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="charting.chart">pie</option> <option name="charting.drilldown">none</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel depends="$tkn_panel_b$"> <title>Panel Two $checkbox_b$</title> <chart> <search> <query>| makeresults | eval a=100</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="charting.chart">pie</option> <option name="charting.drilldown">none</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> </form>       I hope this will help you.   Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated. ... View more

@wvalente2  Are you looking for this? https://community.splunk.com/t5/Splunk-Dev/Table-row-expansion-with-dynamic-search-in-the-JS/m-p/561412 Please share more details of your requirements in case you need more details.   Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.  ... View more

Updated Answer for this thread. @willtseng0217  Please try below full sample code below your requirement. collections.conf [my_status_data] enforceTypes = true field.status = string field.unique_id = string   transforms.conf   [my_status_data_lookup] external_type = kvstore collection = my_status_data fields_list = _key, status, unique_id   XML <dashboard version="1.1" theme="dark" script="test.js"> <label>js for button on table cell</label> <row> <panel> <table id="table1"> <search id="SearchA"> <query>| makeresults count=10 | eval A=1 | accum A | eval B=random() | lookup my_status_data_lookup unique_id as A output status | eval action= case(isnull(status),"Ack",status=="Ack","Unack", 1=1,"Ack") +"|"+ A | eval status = if(isnull(status),"",status) +"|"+A </query> <earliest>-24h@h</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <option name="count">20</option> <option name="dataOverlayMode">none</option> <option name="drilldown">none</option> <option name="percentagesRow">false</option> <option name="rowNumbers">false</option> <option name="totalsRow">false</option> <option name="wrap">true</option> </table> </panel> </row> </dashboard>   test.js   require([ 'underscore', 'jquery', 'splunkjs/mvc', 'splunkjs/mvc/tableview', 'splunkjs/mvc/simplexml/ready!' ], function (_, $, mvc, TableView) { console.log("Hie 65100"); var SearchA = mvc.Components.get("SearchA"); let CustomCellRenderer = TableView.BaseCellRenderer.extend({ canRender: function (cell) { // Enable this custom cell renderer for the confirm field return _(["action", "status"]).contains(cell.field); }, render: function ($td, cell) { if (cell.field == "action") { const cell_value = cell.value.split("|")[0] let unique_id = cell.value.split("|")[1]; let button_id = "action_btn_" + unique_id; let div_id = "status_div_" + unique_id; console.log(cell_value); let button = $('<button />', { value: cell_value, id: button_id, on: { click: function () { console.log(unique_id, button_id); console.log(div_id); let div_value = $('#' + div_id).html(); let new_status = ""; if (div_value == "Ack") { $('#' + div_id).html("Unack"); $('#' + button_id).html("Ack"); new_status = "Unack" } else { $('#' + div_id).html("Ack"); $('#' + button_id).html("Unack"); new_status = "Ack" } update_collection_data(unique_id, new_status); } } }).addClass("extend_expiry btn-sm btn btn-primary").html(cell_value); $td.html(button) } if (cell.field == "status") { console.log(cell.value); const cell_value = cell.value.split("|")[0] const cell_id = cell.value.split("|")[1] console.log(cell_value); console.log(cell_id); let div_id = "status_div_" + cell_id; let html = `<div id="` + div_id + `">` + cell_value + `</div>` $td.html(html) } } }); function update_collection_data(unique_id, status) { var record = { status: status, unique_id: unique_id, _key: unique_id } let collection = "my_status_data"; $.ajax({ url: '/en-US/splunkd/__raw/servicesNS/nobody/search/storage/collections/data/' + collection + '/' + unique_id, type: "POST", async: true, contentType: "application/json", data: JSON.stringify(record), success: function(returneddata) { console.log("Updated!", returneddata) }, error: function(xhr, textStatus, error) { console.error("Error Updating!", xhr, textStatus, error); $.ajax({ url: '/en-US/splunkd/__raw/servicesNS/nobody/search/storage/collections/data/' + collection, type: "POST", async: true, contentType: "application/json", data: JSON.stringify(record), success: function(returneddata) { console.log("Added!", returneddata) }, error: function(xhr, textStatus, error) { console.error("Error Adding!", xhr, textStatus, error); } }); } }); } let sh = mvc.Components.get("table1"); if (typeof (sh) != "undefined") { sh.getVisualization(function (tableView) { // Add custom cell renderer and force re-render tableView.table.addCellRenderer(new CustomCellRenderer()); tableView.table.render(); }); } });     I hope this will help you. Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.     ... View more

Check this post for more technical details. https://community.splunk.com/t5/Dashboards-Visualizations/How-to-use-dynamic-checkbox-in-table/m-p/635091     ... View more