Splunk Search

How to make a Splunk table visualization more interactive?

omerr
Explorer

Hi,

We are thinking of using Splunk to display data from many sources in a table view.

I searched a lot and didn't find anyone who converted a Splunk formal table to a nicer one based on HTML \ JavaScript extensions.

The only things I found were to highlight a row or to insert an icon in a row - I want to use Splunk table values, but to display them in a completely different custom table.

Anyone maybe know how it can be done?

Thanks,

Omer Rudik.

0 Karma
1 Solution

jeffland
Champion

This is pretty straightforward: you can just fetch the search results from the search manager in javascript either as an array or as JSON and from there do whatever you like. The basics are this Simple XML:

<dashboard script="some_js.js">
  <search id="some_search">
  <query>index=foo | table field_a field_b</query>
  ...

And in your app_folder/appserver/static folder, you place a some_js.js with content such as this:

require([
    'splunkjs/mvc',
    'splunkjs/mvc/searchmanager',
    'splunkjs/mvc/simplexml/ready!',
    'splunkjs/ready!'
], function (mvc, SearchManager) {
    // Get the search manager
    var manager = mvc.Components.get("some_search");

    // Get the search results from the manager for JSON
    var data = manager.data("results", {
        output_mode: "json_rows"
    });

    // To get results as array, use:
    // var data = manager.data("results");

    var workWithResults = function(results) {
        // Make sure there is data on callback
        if (!data.hasData()) {
            return;
        }

        // Convert results to json
        var collection = results.collection().toJSON();

        // Do whatever needs to be done with your data:
        console.log(collection);
    };
    data.on("data", workWithResults);
});

That should get you going. From here on, you need to use whatever library/extension/tool you use for visualizations.

View solution in original post

jeffland
Champion

This is pretty straightforward: you can just fetch the search results from the search manager in javascript either as an array or as JSON and from there do whatever you like. The basics are this Simple XML:

<dashboard script="some_js.js">
  <search id="some_search">
  <query>index=foo | table field_a field_b</query>
  ...

And in your app_folder/appserver/static folder, you place a some_js.js with content such as this:

require([
    'splunkjs/mvc',
    'splunkjs/mvc/searchmanager',
    'splunkjs/mvc/simplexml/ready!',
    'splunkjs/ready!'
], function (mvc, SearchManager) {
    // Get the search manager
    var manager = mvc.Components.get("some_search");

    // Get the search results from the manager for JSON
    var data = manager.data("results", {
        output_mode: "json_rows"
    });

    // To get results as array, use:
    // var data = manager.data("results");

    var workWithResults = function(results) {
        // Make sure there is data on callback
        if (!data.hasData()) {
            return;
        }

        // Convert results to json
        var collection = results.collection().toJSON();

        // Do whatever needs to be done with your data:
        console.log(collection);
    };
    data.on("data", workWithResults);
});

That should get you going. From here on, you need to use whatever library/extension/tool you use for visualizations.

omerr
Explorer

I wish to take regular Splunk table like:
Table with columns: System name, Infrastructure status, UX status, influences from other systems and make it something like this:
alt text

0 Karma

somesoni2
Revered Legend

Have you looked at HTML dashboards?

0 Karma

mporath_splunk
Splunk Employee
Splunk Employee

Could you provide more details on what type of interactivity and Javascript extensions you have in mind?

0 Karma
Get Updates on the Splunk Community!

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...

Admin Console: A Single, Unified Interface for All Your Cloud Admin Needs

WATCH NOWJoin us to learn how the admin console can save you time and give you more control over the Splunk® ...