How to create a dashboard with text input fields that will update a lookup file?

EdgarAllenProse
Path Finder

Is there a way to create a dashboard with text input fields that does not do any searching, but rather pushes user input into a new row within a created input file?

Basically what I am trying to accomplish is this:

Lookup File: userLoggedInfo.csv

Dashboard: User Log

Dashboard looks like this:

Event: | Text Box |
Time of Event: | Text Box |
IP in event: | Text Box |
Analysis Notes: | Text Box |

When a user plugs in information, I want to add what the user wrote to the lookup file in a new row.

So before user inputs information, the file would look like this:
|Event|Time of Event|IP in Event|Analysis notes|

After the user hits the submit button in the dashboard, it should update like so and any future submission would be added to the next empty row:

|Event |Time of Event |IP in Event |Analysis notes |
|HD Error | Dec 21 | 192.168.16.1 | HardDrive failed because a rock was thrown at it. Verified|

So what would be a good starting point in learning to make text boxes output non-queried text into a lookup (for later querying) in a submittable form-based dashboard?

MuS
SplunkTrust

Hi EdgarAllenProse,

given you have a lookup called 478751 which contains the following:

Event,"Time of Event","IP in Event","Analysis notes"

you can use this run everywhere dashboard to see how this can be done:

<form>
  <label>How to create a dashboard with text input fields that will update a lookup file?</label>
  <description>https://answers.splunk.com/answers/478751/how-to-create-a-dashboard-with-text-input-fields-t.html</description>
  <fieldset submitButton="true" autoRun="false">
    <input type="text" token="field1">
      <label>Event</label>
    </input>
    <input type="text" token="field2">
      <label>Time of Event</label>
    </input>
    <input type="text" token="field3">
      <label>IP in event</label>
    </input>
    <input type="text" token="field4">
      <label>Analysis Notes</label>
    </input>
  </fieldset>
  <row rejects="$field1$">
    <panel>
      <table>
        <search>
          <query>| inputlookup 478751 | table Event "Time of Event" "IP in Event" "Analysis notes"</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
  <row depends="$field1$">
    <panel>
      <table>
        <search>
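          <!-- The |s token filter wraps each value in quotes and escapes embedded quotes, so user-typed text stays a string literal inside eval -->
          <query>| inputlookup 478751 | append [ | makeresults | eval Event=$field1|s$, "Time of Event"=$field2|s$, "IP in Event"=$field3|s$, "Analysis notes"=$field4|s$ | fields - _time ] | table Event "Time of Event" "IP in Event" "Analysis notes" | outputlookup 478751</query>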
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

You can of course change the lookup name to match your file.

Hope this helps ...

cheers, MuS

rapmancz
Explorer

Did you find the solution? It will also be useful for me...
