Create A Comment Box In Splunk Dashboard

Create A Comment Box In Splunk Dashboard & Which Will Store The Information In A Lookup File.

Hi, every day today we are back with an interesting trick of Splunk, we will try to add a comment box in our dashboard for the end-users, to add comments on their user experience over that particular dashboard.
Let’s Start.

Use Case:
Here we have a sample dashboard called “Airline Dashboard” which has two panels only.


We will try to add a comment box on top of this dashboard with three fields “Name” (who is commenting), “Comment”, and “Ratings” (Ratings on our dashboard). Finally, the entry of these inputs will store in a lookup file, which we will analyze later or add those comments in this dashboard.

Step 1:
Now go to the dashboard and click on Edit > Add Input > Text


Then Create a Text input for “Name” with a token name “name” which is shown below.


In the same way, we have created a couple of more text inputs for “Comment” with a token name “cmt” and for “Ratings” with a token name “rts” and we have also added a “submit” button from the input.

You can also know about :  How to Change Panel Title Using Time Range Picker Dynamically Or In Human Readable Format

If you don’t know how to Add the Text Input and Submit Options you can visit the below links.

How to Add Submit Input option to Splunk Dashboard
How to Add Text Input option to Splunk Dashboard

Step 2:

| makeresults
| eval Name=split("$name$",","),Comment=split("$cmt$",","),Ratings=split("$rts$",",")
| mvexpand Comment
| mvexpand Name
| mvexpand Ratings
| table _time Name Comment Ratings
| outputlookup append=true airline_dashboard_comment.csv

Explanation:
Here we have used “makeresults” as a generating command then using “eval” we have created three fields “Name”, “Comment” and “Ratings” same as our input after that we added those respective tokens into those fields. That means whenever an input will be added to these tokens, the following fields will update with the values. Using the “mvexpand” command we expanded those multi-valued fields into single-valued fields. After that using the table command, we structured all four fields (including _time, which is generated by default with the “makeresults” command). Finally using the “outputlookup” command we stored the complete result within a lookup file named “airline_dashboard_comment.csv” and we have used “append=true” which means whenever a new entry will come it will add with the old data and nothing will overwrite.

You can also know about :  How to Make Search String Case Sensitive in Splunk

If you don’t know the usages of the makeresults, mvexpand, and outputlookup commands please visit the below links.

Usage of Splunk Commands: MAKERESULTS
Usage of Splunk Commands: MVEXPAND
LOOKUPS – LOOKUP TABLE FILES ( PART – 1 )

Now copy this query and go to your dashboard and click on Edit> Add Panel > New > Statistical Table and paste your query > Add to dashboard.
Now Save the dashboard and refresh it.


Now click on and Edit and then click on Source Code and make the changes as shown below.
Go to the panel we have just added and within the panel, tag add “ depends=”$hide$” ”,
To hide that panel, this is unnecessary to show.


Now Save the dashboard and refresh it.
Now fill in the text input in the comment boxes and see data loading in the lookup.


Now run this command to see the content of the lookup,

| inputlookup  airline_dashboard_comment.csv

Wow! It’s really awesome right.

If you want to add that lookup result in your dashboard, you can add which will look great.


This is it, hope you all enjoying Splunk as always.
Happy Splunking!!

One comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.