The SimpleSplunk view is a base class for custom views.
Name | Default value | Description |
className | null | The name of the CSS class applied to the element associated with this custom view. |
offset | 0 | A number that specifies the index of the first item to return. |
options | {data: "preview"} | A dictionary of options for the view, including the results model data that this view displays. Possible values for "data" are: ( preview | results | searchlog | summary | timeline ). |
outputMode | "json_rows" | The output format of the search results ("json", "json_rows", "json_cols"). |
resultOptions | { } | A dictionary of options to pass to the results model. For example, {output_time_format: "%s.%Q"} returns _time in epoch milliseconds format. |
returnCount | 0 | A number that indicates the maximum number of entries to return. A value of 0 means all entries are returned. |
Name | Description |
createView | Configures the custom visualization and returns a handle to it, which is then passed to the updateView method as the first argument. This method is called once. |
displayMessage | Allows you to render messages in a custom way. |
formatData | Formats results data from Splunk and returns a handle to the data, which is then passed to the updateView method as the second argument. When you don't override this method, data is passed in the output format that is specified by the output_mode property (such as json, json_rows, or json_cols). |
initialize | Constructor. |
formatResults | Same as formatData, except that it allows you to format the entire results model object (rather than just the data portion). |
render | Creates the initial view and draws it on the screen. On subsequent calls, runs a full update cycle by calling formatResults, formatData, then updateView. |
updateView | Puts Splunk data (returned by the formatData method) into the view (returned by the createView method) and renders it. This method is called automatically whenever Splunk data changes, for example when a search is run again. |