Solved: Show column depends on the role

SathyaNarayanan · ‎01-09-2020

Hi Team,

I have table with 10 column, but want to show the column depends on the Splunk role.

Sample xml for my requirements.

<dashboard>
  <label>role based column</label>
  <search>
    <query>| rest splunk_server=local /services/authentication/current-context | table roles | mvexpand roles | search roles="*admin" </query>
    <done>
      <condition match="$job.resultCount$!==0">
        <set token="user">"sourcetype"</set>
      </condition>
      <condition match="$job.resultCount$==0">
        <set token="user">" "</set>
      </condition>
    </done>
  </search>
  <row>
    <panel>
      <table>
        <search>
          <query>index="_internal" | dedup sourcetype | table host sourcetype | fields host $user$</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</dashboard>

In this when the admin login, he should see host and sourcetype column, when non-admin should see only host

Thanks in advance.

kamlesh_vaghela · ‎01-09-2020

@SathyaNarayanan

Can you please try this condition?

<condition match="'job.resultCount'==0">
         <set token="user"> </set>
       </condition>
       <condition>
         <set token="user">sourcetype</set>
       </condition>

UPDATED

You are comparing result count with NOT EQUAL TO ZERO . So your code is proper but there is only problem with !== sign only.

OLD Code: <condition match="$job.resultCount$!==0">

NEW Code: <condition match="$job.resultCount$!=0">

Just remove extra = 🙂

View solution in original post

vnravikumar · ‎01-09-2020

Hi

Check this

<dashboard>
   <label>role based column</label>
   <search>
     <query>| rest splunk_server=local /services/authentication/current-context | table roles | mvexpand roles | search roles="*admin" </query>
     <done>
       <condition match="'job.resultCount'!=0">
         <set token="user">"sourcetype"</set>
       </condition>
       <condition>
         <set token="user"></set>
       </condition>
     </done>
   </search>
   <row>
     <panel>
       <table>
         <search>
           <query>index="_internal" | dedup sourcetype |table host $user$</query>
           <earliest>-15m</earliest>
           <latest>now</latest>
         </search>
         <option name="drilldown">none</option>
         <option name="refresh.display">progressbar</option>
         <fields>host $user$</fields>
       </table>
     </panel>
   </row>
 </dashboard>

kamlesh_vaghela · ‎01-09-2020

@SathyaNarayanan

Can you please try this condition?

<condition match="'job.resultCount'==0">
         <set token="user"> </set>
       </condition>
       <condition>
         <set token="user">sourcetype</set>
       </condition>

UPDATED

You are comparing result count with NOT EQUAL TO ZERO . So your code is proper but there is only problem with !== sign only.

OLD Code: <condition match="$job.resultCount$!==0">

NEW Code: <condition match="$job.resultCount$!=0">

Just remove extra = 🙂

SathyaNarayanan · ‎01-09-2020

ya it worked for me , thank a lot for quick response,

I want to know whether $job.resultCount$ changed to 'job.resultCount' ?

kamlesh_vaghela · ‎01-09-2020

@SathyaNarayanan
Both $job.resultCount$ and 'job.resultCount' will work. Just check my updated answer.

Show column depends on the role

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms