How to: Dynamic Fields in Splunk Dashboards

Categories:

In this short tutorial I will show you how to create a dashboard table with dynamic columns. When the user selects the radio button toggles, the search does NOT run again -- only the display is updated. Demo: https://youtu.be/l-p83je4RgQ


I am including the full source code to the dashboard with this post for your review. But here's the secret sauce:

  • This has to be an HTML dashboard. Simple XML has no way to handle custom events.
  • The Simple XML wrapper classes (TableElement, EventElement, etc) are not supported. Use TableView or EventsViewerView, etc. instead.

Here's the actual JavaScript used to change the displayed fields:

        input1.on("change", function(newValue) {
            if(newValue === "foo") {
                element1.settings.set('fields', ["_time", "sourcetype"]);
            }
            else {
                element1.settings.set('fields', ["_time", "source"]);
            }
            FormUtils.handleValueChange(input1);
        });

Was this useful to you? Please share your own creations!