Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Dashboard Link

kalpesh11
New Member
‎11-21-2019 06:23 PM

Scenario:
I have two panels in one dashboard. Panel A and Panel B. I need a system that, when i click on A only that dashboard should reflect, and if im clicking on B, 2nd dashboard should reflect(nothing on A).

0 Karma
Reply

wmyersas
Builder
‎11-22-2019 08:26 AM

I use a dropdown selector and the depends="$tokenhere$" method

Here is a snippet that explains this:

<input type="dropdown" token="droptok" searchWhenChange="true">
  <change>
    <condition value="val1">
      <unset token="token2"></unset>
      <set token="token1">token1</set>
    </condition>
    <condition value="val2">
      <unset token="token1"></unset>
      <set token="token2">token2</set>
    </condition>
  </change>
...
</input>
...
<row>
  <panel depends="$token1$"></panel>
  <panel depends="$token2$"></panel>
</row>

When you pick a different item from the dropdown, it will hide the panel currently displayed, and "swap-in" the one you can't (because of the depends="$tokenhere$" feature of the <panel> tag.

It also works on other things that can utilize depends="$tokenhere$", like <row> or <input>

0 Karma
Reply

renjith_nair
Legend
‎11-22-2019 07:03 AM

@kalpesh11,
How should it display on dashboard load (display both panels or none ? )
When panelA clicks , should PanelB disappear and vice versa? What should be the action to bring back Panel B

Are you looking for something along the lines

<form>
  <label>Dashboard Panels</label>
  <fieldset submitButton="false">
    <input type="radio" token="panel">
      <label>Panels</label>
      <choice value="panela">Panel A</choice>
      <choice value="panelb">Panel B</choice>
      <default>panela</default>
      <change>
        <condition match='$value$=="panela"'>
          <set token="panela"></set>
          <unset token="panelb"></unset>
        </condition>
        <condition match='$value$=="panelb"'>
          <set token="panelb"></set>
          <unset token="panela"></unset>
        </condition>
      </change>
    </input>
  </fieldset>
  <row>
    <panel depends="$panela$">
      <title>Panel A</title>
      <chart>
        <search>
          <query>index=_internal earliest=-5m|timechart count</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">line</option>
        <option name="charting.drilldown">all</option>
        <drilldown>
          <unset token="panelb"></unset>
        </drilldown>
      </chart>
    </panel>
    <panel depends="$panelb$">
      <title>Panel B</title>
      <chart>
        <search>
          <query>index=_internal earliest=-5m |stats count by sourcetype</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.drilldown">all</option>
        <drilldown>
          <unset token="panela"></unset>
        </drilldown>
      </chart>
    </panel>
  </row>
</form>
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...