Lister modules
| Important notice: The Advanced XML dashboard framework is officially deprecated. For more information, see Advanced XML Deprecation. |
Use lister modules to add lists to your dashboards. There are two types of listers:
- Entity listers Entity listers build lists from REST endpoints. Use entity listers to create lists of users, saved searches or other objects within Splunk Enterprise.
- Search listers Search listers build lists from searches run in the module. All search listers essentially work the same -- they only differ cosmetically. If prefer to have radio buttons, use SearchRadioLister.
First add the chrome and nav for your view:
<view template="dashboard.html">
<label>Lister intro</label>
<module name="AccountBar" layoutPanel="appHeader"/>
<module name="AppBar" layoutPanel="navigationHeader"/>
<module name="Message" layoutPanel="messaging">
<param name="filter">*</param>
<param name="clearOnJobDispatch">False</param>
<param name="maxSize">1</param>
</module>
<module name="TitleBar" layoutPanel="viewHeader">
<param name="actionsMenuFilter">dashboard</param>
</module>
. . .
</view>SearchSelectLister
This basic example uses a SearchSelectLister to generate the top ten sourcetypes with the most data indexed in the last hour. When a user clicks on a sourcetype in the list, they are redirected to the timeline view, which runs a search for just the events from that sourcetype over the past two hours.
. . .
<module name="HiddenSearch" layoutPanel="panel_row2_col1"
group="Drilldowns - 1" autoRun="True">
<param name="search">*</param>
<param name="earliest">-2h</param>
<module name="SearchSelectLister">
<param name="settingToCreate">series_setting</param>
<param name="search">
index=_internal metrics
NOT source="*web_service.log" NOT source="*access.log" NOT source="*/searches.log"
NOT source="*intentions.log" NOT source="*splunkd.log"
group="per_sourcetype_thruput"
| chart sum(kb) over series | sort -sum(kb) | head 10 | sort series
</param>
<param name="earliest">-1h</param>
<param name="label">source</param>
<param name="searchWhenChanged">True</param>
<param name="searchFieldsToDisplay">
<list>
<param name="label">series</param>
<param name="value">series</param>
</list>
</param>
<module name="ConvertToIntention">
<param name="settingToConvert">series_setting</param>
<param name="intention">
<param name="name">addterm</param>
<param name="arg">
<param name="index=_internal sourcetype">$target$</param>
</param>
</param>
<module name="SubmitButton">
<param name="label">Search</param>
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
</module>
</module><!-- End SubmitButton -->
</module><!-- End ConvertToIntention -->
</module><!-- End SearchSelectLister -->
</module><!-- End HiddenSearch -->SearchLinkLister
This example is the same as the previous, except it uses SearchLinkLister instead of SearchSelectLister.
. . .
<module name="HiddenSearch" layoutPanel="panel_row2_col2"
group="Drilldowns - 2" >
<param name="search">*</param>
<param name="earliest">-2h</param>
<module name="SearchLinkLister">
<param name="settingToCreate">series_setting</param>
<param name="search">
index=_internal metrics
NOT source="*web_service.log" NOT source="*access.log" NOT source="*/searches.log"
NOT source="*intentions.log" NOT source="*splunkd.log"
group="per_sourcetype_thruput"
| chart sum(kb) over series | sort -sum(kb) | head 10 | sort series
</param>
<param name="earliest">-1h</param>
<param name="searchWhenChanged">True</param>
<param name="searchFieldsToDisplay">
<list>
<param name="label">series</param>
<param name="value">series</param>
</list>
</param>
<module name="ConvertToIntention">
<param name="settingToConvert">series_setting</param>
<param name="intention">
<param name="name">addterm</param>
<param name="arg">
<param name="index=_internal sourcetype">$target$</param>
</param>
</param>
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
</module>
</module><!-- End ConvertToIntention -->
</module><!-- End SearchLinkLister -->
</module><!-- End HiddenSearch -->
. . .
EntityLinkLister
This example shows how to use an EntityLinkLister module. This module lets you access configurations and knowledge objects from REST endpoints within Splunk Enterprise. The below example returns a list of saved searches that are available (using Splunk's permissions system) to the current Splunk user and app. Clicking on the searches in the list runs the search in the default search (timeline) view.
<view template="dashboard.html">
<label>Lister intro</label>
<module name="AccountBar" layoutPanel="appHeader"/>
<module name="AppBar" layoutPanel="navigationHeader"/>
<module name="Message" layoutPanel="messaging">
<param name="filter">*</param>
<param name="clearOnJobDispatch">False</param>
<param name="maxSize">1</param>
</module>
<module name="TitleBar" layoutPanel="viewHeader">
<param name="actionsMenuFilter">dashboard</param>
</module>
<module name="EntityLinkLister" layoutPanel="panel_row1_col1">
<param name="entityPath">saved/searches</param>
<param name="settingToCreate">savedSearch</param>
<param name="entityFieldsToDisplay">
<list>
<param name="label">name</param>
<param name="value">name</param>
</list>
</param>
<module name="HiddenSearch" >
<param name="search">|savedsearch "$savedSearch$"</param>
<module name="ConvertToIntention">
<param name="intention">
<param name="name">stringreplace</param>
<param name="arg">
<param name="savedSearch">
<param name="fillOnEmpty">True</param>
<param name="value">$savedSearch$</param>
</param>
</param>
</param>
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
</module>
</module> <!-- End ConvertToIntention -->
</module> <!-- End HiddenSearch -->
</module> <!-- End EntityLinkLister -->
</view>| Switcher modules | Use lookups with a view |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9
Download manual
Feedback submitted, thanks!