@anissabnk  Are you looking for this? XML: <dashboard version="1.1" script="dropdown_via_js.js"> <label>Dropdown Via JS</label> <row> <panel> <html> <div id="mydropdownview"></div> </html> </panel> </row> </dashboard>   JS: require([ "splunkjs/mvc/searchmanager", "splunkjs/mvc/dropdownview", "splunkjs/mvc/simplexml/ready!" ], function(SearchManager, DropdownView) { // Use this search to populate the dropdown with index values let my_search = new SearchManager({ id: "example-search", search: "index=_internal |stats count by source |table source" }); // Instantiate components let my_dropdown = new DropdownView({ id: "example-dropdown", managerid: "example-search", labelField: "source", valueField: "source", el: $("#mydropdownview") }).render(); });       I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.     ... View more

Hello @kackerman7  I'm sharing the POC details I worked on a few years ago. If you are using client-server architecture for your External React Application, I suggest checking my architecture which easily integrates with your existing architecture.   Just go through it, try it in your local lab, and let me know if you need more help.    I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.   ... View more

@anooshac  Can you please share your full sample code? KV ... View more

@anooshac  Can you please try this sample code?  Please observe 2nd column width. <dashboard version="1.1" theme="dark"> <label>table column size</label> <row> <panel> <table id="tableColumWidth"> <search> <query>|makeresults count=5 | eval A=random(), B=random(), status=A, action=A</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <html> <style> #tableColumWidth table th:nth-child(2), #tableColumWidth table td:nth-child(2) { width: 1000px !important; overflow-wrap: anywhere !important; } </style> </html> </panel> </row> </dashboard>   I hope this will help you.   Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge. ... View more

@verothor  Have you tried something like this? require([ 'underscore', 'jquery', 'splunkjs/mvc', "splunkjs/mvc/searchmanager", 'splunkjs/mvc/simplexml/ready!' ], function (_, $, mvc, SearchManager) { let mySearch = new SearchManager({ id: "mysearch", autostart: "false", search: '| makeresults | eval test = "This is test" ', preview: false, }, { tokens: true, tokenNamespace: "submitted" }); let mySearchResults = mySearch.data("results"); mySearchResults.on("data", function () { resultArray = mySearchResults.data().rows; console.log("My Data", resultArray); }); $(document).ready(function () { setInterval(function () { mySearch.startSearch(); }, 3000); }); });   Note: This is a sample JS. Just modify as per your requirement.    KV ... View more

@mipa04  I assume tlogParameters filed getting extracted properly. Can you please try the below search? YOUR_SEARCH | eval tlogParameters = replace(tlogParameters, "'","\"") | eval _raw = tlogParameters | spath | rename {}.* as *   My Sample Search : | makeresults | eval tlogParameters="[{'triggeredEventName': 'CustomerLoggedIn', 'owner': 'communicationcenter', 'channel': 'SiteMessage', 'sentOrNotSent': 'Sent', 'reasonNotSent':null}]" | append [| makeresults | eval tlogParameters="[{'triggeredEventName': 'CustomerLoggedIn', 'owner': 'communicationcenter', 'channel': 'SiteMessage', 'sentOrNotSent': 'Sent', 'reasonNotSent':null}]"] | rename comment as "upto now is sample data only" | eval tlogParameters = replace(tlogParameters, "'","\"") | eval _raw = tlogParameters | spath | rename {}.* as *      I hope this will help you. Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated. ... View more

I agree with @ITWhisperer .  and your sample JSON looks like an array of objects also. So please share a masked event here.   Meanwhile, I'm sharing a sample query so that you can start on the solution.  | makeresults | eval params="[{'field1':'value1','field2':'value2','field3':'value3','field4':'value4'}]" | rename comment as "upto now is sample data only" | eval params = replace(params, "'","\"") | eval _raw = params | spath   I have handled a single quote here.   if you have valid JSON then just remove `| eval params = replace(params, "'","\"")` .   Thanks  KV    ... View more

@karthi2809    Are you looking for this? <form version="1.1" theme="dark"> <label>Application</label> <fieldset submitButton="false"> <input type="dropdown" token="BankApp" searchWhenChanged="true"> <label>ApplicationName</label> <choice value="*">All</choice> <search> <query> | makeresults | eval applicationName="Test1,Test2,Test3" | eval applicationName=split(applicationName,",") | stats count by applicationName | table applicationName </query> </search> <fieldForLabel>applicationName</fieldForLabel> <fieldForValue>applicationName</fieldForValue> <default>*</default> <prefix>applicationName="</prefix> <suffix>"</suffix> <change> <condition match="$value$==&quot;*&quot;"> <set token="new_value">applicationName IN ("Test1" , "TEST2" , "Test3")</set> </condition> <condition> <set token="new_value">$BankApp$</set> </condition> </change> </input> <input type="dropdown" token="interface" searchWhenChanged="true"> <label>InterfaceName</label> <choice value="*">All</choice> <search> <query> | inputlookup BankIntegration.csv | search $new_value$ | eval InterfaceName=split(InterfaceName,",") | stats count by InterfaceName | table InterfaceName </query> </search> <fieldForLabel>InterfaceName</fieldForLabel> <fieldForValue>InterfaceName</fieldForValue> <default>*</default> <prefix>InterfaceName="</prefix> <suffix>"</suffix> <change> <condition match="$value$==&quot;*&quot;"> <set token="new_interface">InterfaceName IN ( "USBANK_KYRIBA_ORACLE_CE_BANKSTMTS_INOUT", "USBANK_AP_POSITIVE_PAY", "HSBC_NA_AP_ACH", "USBANK_AP_ACH", "HSBC_EU_KYRIBA_CE_BANKSTMTS_TWIST_INOUT")</set> </condition> <condition> <set token="new_interface">$interface$</set> </condition> </change> </input> </fieldset> <row> <panel> <html> Dropdown Value = $BankApp$ <br/> new_value= $new_value$ <br/> new_interface = $new_interface$ <br/> | inputlookup BankIntegration.csv | search $new_value$ | eval InterfaceName=split(InterfaceName,",") | stats count by InterfaceName | table InterfaceName </html> </panel> </row> </form> ... View more

@karthi2809  Try using `new_value` as a filter in the Interface Drop down.  ... View more

@Vasulaxnik  Can you please share your sample code and JS?  Or Let's follow the community best practice create new questions and tag me for new comments and conversations :).   KV ... View more

@Muthu_Vinith    Are you looking like this?  XML <form version="1.1" theme="dark"> <label>Chechbox</label> <fieldset submitButton="false"> <input type="checkbox" token="checkbox_a"> <label></label> <choice value="panel_a">Panel A</choice> <delimiter> </delimiter> <change> <condition match="$checkbox_a$==&quot;panel_a&quot;" > <set token="tkn_panel_a">1</set> </condition> <condition> <unset token="tkn_panel_a"></unset> </condition> </change> </input> <input type="checkbox" token="checkbox_b"> <label></label> <choice value="panel_b">Panel B</choice> <delimiter> </delimiter> <change> <condition match="$checkbox_b$==&quot;panel_b&quot;" > <set token="tkn_panel_b">1</set> </condition> <condition> <unset token="tkn_panel_b"></unset> </condition> </change> </input> </fieldset> <row> <panel depends="$tkn_panel_a$"> <title>Panel One $checkbox_a$</title> <chart> <search> <query>| makeresults | eval a=100</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="charting.chart">pie</option> <option name="charting.drilldown">none</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel depends="$tkn_panel_b$"> <title>Panel Two $checkbox_b$</title> <chart> <search> <query>| makeresults | eval a=100</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="charting.chart">pie</option> <option name="charting.drilldown">none</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> </form>       I hope this will help you.   Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated. ... View more

@wvalente2  Are you looking for this? https://community.splunk.com/t5/Splunk-Dev/Table-row-expansion-with-dynamic-search-in-the-JS/m-p/561412 Please share more details of your requirements in case you need more details.   Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.  ... View more

Updated Answer for this thread. @willtseng0217  Please try below full sample code below your requirement. collections.conf [my_status_data] enforceTypes = true field.status = string field.unique_id = string   transforms.conf   [my_status_data_lookup] external_type = kvstore collection = my_status_data fields_list = _key, status, unique_id   XML <dashboard version="1.1" theme="dark" script="test.js"> <label>js for button on table cell</label> <row> <panel> <table id="table1"> <search id="SearchA"> <query>| makeresults count=10 | eval A=1 | accum A | eval B=random() | lookup my_status_data_lookup unique_id as A output status | eval action= case(isnull(status),"Ack",status=="Ack","Unack", 1=1,"Ack") +"|"+ A | eval status = if(isnull(status),"",status) +"|"+A </query> <earliest>-24h@h</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <option name="count">20</option> <option name="dataOverlayMode">none</option> <option name="drilldown">none</option> <option name="percentagesRow">false</option> <option name="rowNumbers">false</option> <option name="totalsRow">false</option> <option name="wrap">true</option> </table> </panel> </row> </dashboard>   test.js   require([ 'underscore', 'jquery', 'splunkjs/mvc', 'splunkjs/mvc/tableview', 'splunkjs/mvc/simplexml/ready!' ], function (_, $, mvc, TableView) { console.log("Hie 65100"); var SearchA = mvc.Components.get("SearchA"); let CustomCellRenderer = TableView.BaseCellRenderer.extend({ canRender: function (cell) { // Enable this custom cell renderer for the confirm field return _(["action", "status"]).contains(cell.field); }, render: function ($td, cell) { if (cell.field == "action") { const cell_value = cell.value.split("|")[0] let unique_id = cell.value.split("|")[1]; let button_id = "action_btn_" + unique_id; let div_id = "status_div_" + unique_id; console.log(cell_value); let button = $('<button />', { value: cell_value, id: button_id, on: { click: function () { console.log(unique_id, button_id); console.log(div_id); let div_value = $('#' + div_id).html(); let new_status = ""; if (div_value == "Ack") { $('#' + div_id).html("Unack"); $('#' + button_id).html("Ack"); new_status = "Unack" } else { $('#' + div_id).html("Ack"); $('#' + button_id).html("Unack"); new_status = "Ack" } update_collection_data(unique_id, new_status); } } }).addClass("extend_expiry btn-sm btn btn-primary").html(cell_value); $td.html(button) } if (cell.field == "status") { console.log(cell.value); const cell_value = cell.value.split("|")[0] const cell_id = cell.value.split("|")[1] console.log(cell_value); console.log(cell_id); let div_id = "status_div_" + cell_id; let html = `<div id="` + div_id + `">` + cell_value + `</div>` $td.html(html) } } }); function update_collection_data(unique_id, status) { var record = { status: status, unique_id: unique_id, _key: unique_id } let collection = "my_status_data"; $.ajax({ url: '/en-US/splunkd/__raw/servicesNS/nobody/search/storage/collections/data/' + collection + '/' + unique_id, type: "POST", async: true, contentType: "application/json", data: JSON.stringify(record), success: function(returneddata) { console.log("Updated!", returneddata) }, error: function(xhr, textStatus, error) { console.error("Error Updating!", xhr, textStatus, error); $.ajax({ url: '/en-US/splunkd/__raw/servicesNS/nobody/search/storage/collections/data/' + collection, type: "POST", async: true, contentType: "application/json", data: JSON.stringify(record), success: function(returneddata) { console.log("Added!", returneddata) }, error: function(xhr, textStatus, error) { console.error("Error Adding!", xhr, textStatus, error); } }); } }); } let sh = mvc.Components.get("table1"); if (typeof (sh) != "undefined") { sh.getVisualization(function (tableView) { // Add custom cell renderer and force re-render tableView.table.addCellRenderer(new CustomCellRenderer()); tableView.table.render(); }); } });     I hope this will help you. Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.     ... View more

Check this post for more technical details. https://community.splunk.com/t5/Dashboards-Visualizations/How-to-use-dynamic-checkbox-in-table/m-p/635091     ... View more

Yes @willtseng0217  You can store data KV store. You have to just take care of a couple of things. create a lookup with a unique ID that can be used for updating records. call KVStore API with the click of a button.  display status and action button value as per the KV Store.    I hope this will help you to move further 🙂  ... View more

Now you can try Chat GTP. it will give this answer only. 😜 🤣 ... View more

@Splunkanator  Can you please share some sample events and expected output? KV ... View more

@jason_hotchkiss  QQ:  Any custom JS you are using across dashboards?   KV ... View more

@quentin_young  Use this link for Splunk Web Framework Component Reference.  https://docs.splunk.com/DocumentationStatic/WebFramework/1.0/ JQuery: https://www.w3schools.com/jquery/default.asp Splunk UI Toolkit: https://splunkui.splunk.com/home Integrating jQuery DataTables Into Splunk: https://hurricanelabs.com/splunk-tutorials/integrating-jquery-datatables-into-splunk-tutorial-part-1/  and so on. Happy Learning if you face any issues, just let us know.   Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.   ... View more

@RSS_STT  You can also try adding this in props.conf. [cluster_test] EXTRACT-fields = "CI":\s"(?<CI_V2>.*)\;(?<CI_1>.*)\;(?<CI_2>.*)\;(?<CI_3>.*)\;(?<CI_4>.*)\;(?<CI_5>.*)\",     I hope this will help you. Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.     ... View more

@alvesri  It should work. Can you please just compare your code with my code. var mySearch = mvc.Components.get("mySearch"); var mySearchResults = mySearch.data("results"); mySearchResults.on("data", function () { resultArray = mySearchResults.data().rows; // Iterate Result set $.each(resultArray, function (index, value) { console.log(index, value) console.log(index, value[0]) console.log(index, value[1]) console.log(index, value[2]) }) });   I hope this will help you. Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.   ... View more

@mad_splunker  index=someindex cluster=api uuid=api_uuid [ search index=someindex cluster=gw uuid=gw98037234c6e51a48816016172b8a3c56 | eval uuid="gw"+reqid | table uuid ]   Can you please try this? I have used different approach.    thanks KV ... View more