Getting started example
Important notice: As part of Advanced XML deprecation, the Module System is officially deprecated beginning with Splunk Enterprise 6.3. For more information, see Advanced XML Deprecation. |
app.conf
[ui] is_visible = true label = App Framework Tutorial [package] id = Dev_tutorial [launcher] author = Splunk, Inc. description = App Framework Tutorial App version = 1.0
default.xml
<nav> <collection label="Examples"> <view name="Example"> </collection> </nav>
Example.xml
<view template="dashboard.html">
<label>Example: Using a Custom Module</label> <module name="AccountBar" layoutPanel="appHeader"/> <module name="AppBar" layoutPanel="navigationHeader"/> <module name="Message" layoutPanel="messaging"> <param name="filter">*</param> <param name="clearOnJobDispatch">False</param> <param name="maxSize">1</param> </module> <module name="StaticContentSample" layoutPanel="panel_row1_col1"> <param name="text"><![CDATA[
<h1>Example: Using a Custom Module</h1> <p> This simple application searches the metrics log and lists the CPU utilization of each indexer stage, for the last seven days. </p> <p> Search string: <tt>index=_internal source=*metrics.log group=pipeline | stats sum(cpu_seconds) as totalCPU by name</tt> </p> <p> Results are displayed using a custom module, <tt>CustomResultsTable</tt>. </p> ]]>
</param> </module> <module name="HiddenSearch" layoutPanel="panel_row2_col1" group="CPU Utilization" autoRun="True"> <param name="search">index=_internal source=*metrics.log group=pipeline | stats sum(cpu_seconds) as totalCPU by name</param> <param name="earliest">-7d</param> <module name="CustomResultsTable"> </module> </module>
</view> ]]>
CustomResultsTable.conf
[module] className = Splunk.Module.CustomResultsTable superClass = Splunk.Module.DispatchingModule description = Custom module for App Framework example.
CustomResultsTable.js
Splunk.Module.CustomResultsTable = $.klass(Splunk.Module.DispatchingModule, {
initialize: function($super, container) { $super(container); this.myParam = this.getParam("myParam"); this.resultsContainer = this.container; }, onJobDone: function(event) { this.getResults(); }, getResultParams: function($super) { var params = $super(); var context = this.getContext(); var search = context.get("search"); var sid = search.job.getSearchId(); if (!sid) this.logger.error(this.moduleType, "Search ID is missing."); params.sid = sid; return params; }, renderResults: function($super, htmlFragment) { if (!htmlFragment) { this.resultsContainer.html('No content available.'); return; } this.resultsContainer.html(htmlFragment); }
})
CustomResultsTable.py
import controllers.module as module
import splunk, splunk.search, splunk.util, splunk.entity
import lib.util as util
import lib.i18n as i18n
import logging
logger = logging.getLogger('splunk.module.CustomResultsTable')
import math
import cgi
MAX_MULTI_VALUE_COUNT = 50
class CustomResultsTable(module.ModuleHandler):
def generateResults(self, host_app, client_app, sid, count=1000, offset=0, entity_name='results'): count = max(int(count), 0) offset = max(int(offset), 0) if not sid: raise Exception('CustomResultsTable.generateResults - sid not passed!') try: job = splunk.search.getJob(sid) except splunk.ResourceNotFound, e: logger.error('CustomResultsTable could not find the job %s. Exception: %s' % (sid, e)) return _('<p class="resultStatusMessage">The job appears to have expired or has been canceled.</p>') output = [] output.append('<div class="CustomResultsTableWrapper">') output.append('<table class="CustomResultsTable splTable">') fieldNames = [x for x in getattr(job, entity_name).fieldOrder if (not x.startswith('_'))] offset_start = offset if offset < 0 and count < abs(offset): offset_start = -count dataset = getattr(job, entity_name)[offset_start: offset+count] for i, result in enumerate(dataset): output.append('<tr>') for field in fieldNames: output.append('<td') fieldValues = result.get(field, None) if fieldValues: renderedValues = [cgi.escape(x.value) for x in fieldValues[:MAX_MULTI_VALUE_COUNT]] output.append('>%s</td>' % "".join(renderedValues)) else: output.append('></td>') output.append('</tr>') output.append('</table></div>') if (entity_name == 'results' and job.resultCount == 0): if job.isDone: output = self.generateStatusMessage(entity_name, 'nodata', job.id) else: output = self.generateStatusMessage(entity_name, 'waiting', job.id) else: output = ''.join(output) return output
Set up your app | Example 1 - Simple customizations |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9
Feedback submitted, thanks!