Table Template
In order to define a table widget, set the render type to `table` and add a `template` key. This will contain an array of dictionaries. Each element of the array will represent one column of the table.
As an example, if a connector adds items like the following to the CommandResult:

```
{
    "ip": "<ip address>",
    "container": {
        "filename": "<filename>",
        "pid": <process id>,
        "other data": ...
    }
}
```

and then sets `succeeded` to True or False in the CommandResult summary, then you can write the following template to generate a three column table.

```
{
    "name": "Connector Name",
    ...
    "commands": [
        {
            "provides": "list processes",
            ...
            "render": {
                "type": "table",
                "width": 4,
                "height": 5,
                "title": "My App Output",
                "menu_name": "My App"
            },
            "output": [
                {
                    "data_path": "data.*.container.hash",
                    "data_type": "string",
                    "contains": ["hash"],
                    "column_name": "File Hash",
                    "column_order": 0
                },
                {
                    "data_path": "data.*.container.pid",
                    "data_type": "numeric",
                    "contains": ["pid"],
                    "column_name": "Process ID",
                    "column_order": 1
                },
                {
                    "data_path": "data.*.ip",
                    "data_type": "string",
                    "contains": ["ip"],
                    "column_name": "IP",
                    "column_order": 2
                },
                {
                    "data_path": "data_summary.succeeded",
                    "data_type": "string",
                    "contains": [],
                    "column_name": "Some Column Name",
                    "column_order": 3
                }
            ]
        }
    ]
}
```
If a render type of `table` is specified, then the table view uses the following fields from the `output` key in order to render your results:
Field | Required? | Description |
---|---|---|
data_path | Required | Specifies the Data Path of this field. Data Paths are a method of indexing into the JSON in an abstract fashion that allows others who want to access that data to do so by specifying the appropriate path. The Data Path specified here must be populated by the connector code that creates and returns this field. This string value can start with See Use data paths to present data to the Splunk Phantom web interface for more information about data paths. |
data_type | Required | The type of variable. Supported types are: `string`, `password`, `numeric`, `boolean`. |
contains | Optional | Specifies what kind of content this field contains. The types listed here tell the UI what kind of context sensitive actions can be run on this value when it is displayed. For example, an ip geolocation action is something that can be applied to any IP address that appears in a column which lists `ip` as a type. In the previous example, on the first column a user can run file based actions such as a |
column_name | Required | Specifies the name of this column within the rendered widget when it is displayed. This provides a convenient way to show data in Mission Control and when viewing action results in tabular form. |
column_order | Required | Specifies the order of this column. Column ordering starts at 0. |
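
A lint check for the fields in the table above, as an added example that is not part of the Splunk documentation: it flags missing required fields, unsupported `data_type` values and `column_order` problems in a table template before the app is packaged. The function name, the rule that two columns may not share a position, the rule that `contains` must be a list (inferred from the template above), and the sample command are assumptions of this example.

```python
SUPPORTED_TYPES = {"string", "password", "numeric", "boolean"}  # per the table
REQUIRED = ("data_path", "data_type", "column_name", "column_order")

def lint_table_command(command):
    """Return a list of problems in one command's table template."""
    if command.get("render", {}).get("type") != "table":
        return []  # the fields below only apply to table widgets
    problems, seen = [], {}
    for i, col in enumerate(command.get("output", [])):
        where = f"output[{i}]"
        problems += [f"{where}: missing required field '{k}'"
                     for k in REQUIRED if k not in col]
        dtype = col.get("data_type")
        if dtype is not None and dtype not in SUPPORTED_TYPES:
            problems.append(f"{where}: unsupported data_type '{dtype}'")
        if not isinstance(col.get("contains", []), list):
            problems.append(f"{where}: 'contains' must be a list")
        order = col.get("column_order")
        if order is None:
            continue
        if isinstance(order, bool) or not isinstance(order, int) or order < 0:
            problems.append(f"{where}: column_order must be an integer >= 0")
        elif order in seen:
            # Assumption of this example: two columns may not share a position.
            problems.append(f"{where}: column_order {order} "
                            f"already used by output[{seen[order]}]")
        else:
            seen[order] = i
    if seen and 0 not in seen:
        problems.append("column ordering starts at 0, but no column uses 0")
    return problems

# Constructed sample command (not from a real app) with deliberate mistakes.
SAMPLE_COMMAND = {
    "provides": "list processes",
    "render": {"type": "table", "title": "My App Output"},
    "output": [
        {"data_path": "data.*.container.hash", "data_type": "string",
         "contains": ["hash"], "column_name": "File Hash", "column_order": 1},
        {"data_path": "data.*.ip", "data_type": "ip",
         "contains": ["ip"], "column_order": 1},
        {"data_path": "data.*.container.pid", "data_type": "numeric",
         "contains": "pid", "column_name": "Process ID", "column_order": 2},
    ],
}

if __name__ == "__main__":
    for problem in lint_table_command(SAMPLE_COMMAND):
        print(problem)
```
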
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7