Solved: How to launch an action from dashboard

dreadangel · ‎04-26-2019

My splunk contains an index_main which collects events with next (simplified) format

id, status, description

A dashboard contains a dropdown, which loads via dedup status, and a table which loads the events filtered by dropdown's selected value.
The goal is, via dashboard, to copy the events from index_main to other indexes based on dropdown's value - as status fields admits (Info, Error, Critical) values, then data should be copied to index_info, index_error and index_critical indexes (indexes already exists) - I plan to use collect but I see no solution how to launch the script.

Any thoughts upon this kind of integration? Or I miss something?

dreadangel · ‎04-30-2019

Actually, I found my answer here (https://answers.splunk.com/answers/600664/dashboard-button-to-run-spl-on-click.html). Thank you all for your assistance.

View solution in original post

dreadangel · ‎04-30-2019

Actually, I found my answer here (https://answers.splunk.com/answers/600664/dashboard-button-to-run-spl-on-click.html). Thank you all for your assistance.

woodcock · ‎04-26-2019

The collect command is not part of a script, it is SPL, so it is trivial. Just have a panel with something like this:

index="index_main" AND status=$dropdown_token$ | dedup status | addinfo | collect index=index_$dropdown_token$

adonio · ‎04-26-2019

what is the problem you are trying to solve?
seems like with your method every click / interaction with the dashboard should send results to summary index, is that what you are trying to achieve?

How to launch an action from dashboard

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms