Creating the app.js file
If you have access to your Splunk install directories, depending on where you created your dashboard (for example in the Search and Reporting app), you would go to:
Then inside of that directory, go to appserver/static. Your full directory path would be:
If you added this to some other app, or a newly created app, the directory ‘appserver’ may not exist and you’ll have to create it.
Splunk loads it’s dependencies using the require.js library. If you’ve never used it before it is a more efficient way to load file dependencies.
Splunk’s JS Framework is based on the backbone.js library. It has one dependency, the underscore.js library, which is why we load that first. We are also going to load in Splunk’s MVC components. We then pass in our dependencies as function parameters.
Creating Instances of Our Search and Table
Inside of your require function, we will need to first create variables that will reference our search and the visualization of that search, in this case a table:
We’re using the Splunk mvc components to pull reference to these items based off the id attributes we defined in our Simple XML earlier.
Listening for Events
Searches in Splunk have events tied to them such as progress, end, and failed. If you want more detailed information on these events, check out the Splunk documentation on progress events.
In our case, we are going to listen for the ‘search:done’ event, so we can check whether or not there was an error in the response. The ‘on’ event has a properties parameter from which we can extract information about the search. So, let’s start by logging that out:
If you inspect the console in your browser you’ll see it comes back as an object with a lot of different properties: