- Splunk Answers
- :
- Splunk Administration
- :
- Knowledge Management
- :
- User Workflow in Splunk
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
User Workflow in Splunk
Im hoping someone can help me out here? Apologies if I break any community rules - first post here!
Trying to create a workflow (not workflow actions) that provides the user a table of results (from a KV store) that are currently "uncategorised".
The user needs to categorise each line item in the table of results.
There are numerous categories that can be selected and these categories are held in another KV store.
In a non splunk world, this is really simple to solve - a table filled with results that also has a dropdown with a list of categories and a submit button to send the form back to the server.
Im not keen to use sideview as advanced xml is being deprecated - this leaves me with really horrible javascript and spending months figuring out splunk under the hood.
I know this type of thing can be done as its in Stream App (checkboxes on the stream config with a save at the top - the code is really quite busy and there's alot of it) and in Splunk ES notable events. I dont want all of that complexity or to reverse engineer it if I can help it!
The end solution Im looking to build needs to be as easy as possible for the user - e.g. not editing grids by typing in categories etc.
Does anyone have some good samples they would be willing to share?
Thanks
Chris
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could do the same as what you wiould do in a non-splunk world. Create a dashbaord/form with a dropdown list of categories and a table filled with results. As the user selects value(s) in the dropdown/multiselect, the table get filtered results. No scripting requred. Here is some useful/relevant reading
http://docs.splunk.com/Documentation/Splunk/6.0/Viz/Buildandeditforms
http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the suggestion. I think what you've suggested is good for where categories have already been set in a KV store - however, the data would not yet have a category in the store - its adding this item to the store specifically through a dropdown against an individual row line.
I would see the final result being a single table of n columns where the n+1 column contains a dropdown listing the categories and when it is changed, the KV store updates to reflect the change.
I can get all of the functionality I need behaving - its just this last link - the user updating the table of results that updates the store.
Introducing the Splunk Community Dashboard Challenge!
Wondering How to Build Resiliency in the Cloud?
Updated Data Management and AWS GDI Inventory in Splunk Observability
