Hi Team,
I have table with 10 column, but want to show the column depends on the Splunk role.
Sample xml for my requirements.
<dashboard>
<label>role based column</label>
<search>
<query>| rest splunk_server=local /services/authentication/current-context | table roles | mvexpand roles | search roles="*admin" </query>
<done>
<condition match="$job.resultCount$!==0">
<set token="user">"sourcetype"</set>
</condition>
<condition match="$job.resultCount$==0">
<set token="user">" "</set>
</condition>
</done>
</search>
<row>
<panel>
<table>
<search>
<query>index="_internal" | dedup sourcetype | table host sourcetype | fields host $user$</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</dashboard>
In this when the admin login, he should see host and sourcetype column, when non-admin should see only host
Thanks in advance.
@SathyaNarayanan
Can you please try this condition?
<condition match="'job.resultCount'==0">
<set token="user"> </set>
</condition>
<condition>
<set token="user">sourcetype</set>
</condition>
UPDATED
You are comparing result count with NOT EQUAL TO ZERO
. So your code is proper but there is only problem with !==
sign only.
OLD Code: <condition match="$job.resultCount$!==0">
NEW Code: <condition match="$job.resultCount$!=0">
Just remove extra =
🙂
Hi
Check this
<dashboard>
<label>role based column</label>
<search>
<query>| rest splunk_server=local /services/authentication/current-context | table roles | mvexpand roles | search roles="*admin" </query>
<done>
<condition match="'job.resultCount'!=0">
<set token="user">"sourcetype"</set>
</condition>
<condition>
<set token="user"></set>
</condition>
</done>
</search>
<row>
<panel>
<table>
<search>
<query>index="_internal" | dedup sourcetype |table host $user$</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
<fields>host $user$</fields>
</table>
</panel>
</row>
</dashboard>
@SathyaNarayanan
Can you please try this condition?
<condition match="'job.resultCount'==0">
<set token="user"> </set>
</condition>
<condition>
<set token="user">sourcetype</set>
</condition>
UPDATED
You are comparing result count with NOT EQUAL TO ZERO
. So your code is proper but there is only problem with !==
sign only.
OLD Code: <condition match="$job.resultCount$!==0">
NEW Code: <condition match="$job.resultCount$!=0">
Just remove extra =
🙂
ya it worked for me , thank a lot for quick response,
I want to know whether $job.resultCount$ changed to 'job.resultCount' ?
@SathyaNarayanan
Both $job.resultCount$
and 'job.resultCount'
will work. Just check my updated answer.