How to: Dynamic Fields in Splunk Dashboards

In this short tutorial I will show you how to create a dashboard table with dynamic columns. When the user selects the radio button toggles, the search does NOT run again – only the display is updated.

Splunk dashboard source code

I am including the full source code to the dashboard with this post for your review. But here’s the secret sauce:

  • This has to be an HTML dashboard. Simple XML has no way to handle custom events.
  • The Simple XML wrapper classes (TableElement, EventElement, etc.) are not supported. Use TableView or EventsViewerView, etc. instead.

Here’s the actual JavaScript used to change the displayed fields:

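// Swap the table's visible columns when the radio input changes; the search is not run again.
input1.on("change", function(newValue) {
    if (newValue === "foo") {
        element1.settings.set('fields', ["_time", "sourcetype"]);
    } else {
        element1.settings.set('fields', ["_time", "source"]);
    }
});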
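A table-driven generalization of the handler above, as an added example that is not part of the original dashboard source. The names `FIELD_SETS`, `fieldsFor` and `bindFieldToggle` and the radio value `"bar"` are assumptions made for illustration; it also applies the input's current value once on load and ignores values that are not in the map.

```javascript
// Added example (not from the original dashboard). Hypothetical names throughout.
// Map each radio value to the columns it should show. "bar" is a constructed value.
const FIELD_SETS = {
    foo: ["_time", "sourcetype"],
    bar: ["_time", "source"]
};

// Return a copy of the column list for a radio value, or null if the value is unknown.
function fieldsFor(fieldSets, value) {
    return Object.prototype.hasOwnProperty.call(fieldSets, value)
        ? fieldSets[value].slice()
        : null;
}

// input: a SplunkJS input view (fires "change", exposes val()).
// table: a TableView or EventsViewerView whose settings model holds 'fields'.
function bindFieldToggle(input, table, fieldSets) {
    function apply(value) {
        const fields = fieldsFor(fieldSets, value);
        if (fields === null) {
            return false; // unknown value: leave the current columns untouched
        }
        table.settings.set("fields", fields);
        return true;
    }
    input.on("change", apply);
    // Apply the default selection once so the first render matches the radio state.
    apply(input.val());
    return apply;
}
```

Inside the HTML dashboard this would be called as `bindFieldToggle(input1, element1, FIELD_SETS)` after both views are created. The hidden columns are still in the search results already delivered to the browser, so the toggle changes presentation only and does not restrict which fields a user can read.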

Was this useful to you? Please share your own creations!