Hey folks. I'm trying to write an HTML View for cases (data is coming in from Splunk). And I'm running into a problem.
If a case has a single event then the entity I might reference would look like this:
In which case the string in the "description" field of my Splunk alert is shown without issue.
However, if the case has multiple events then the string that is shown is a concatenated list of
all
of the "description" strings from every event separated by a comma.
I am looking for an entity name that
always
shows up for that data and is always just the first event.
I've seen at times. But that only seems to show up if there are multiple events (or maybe for multivalue fields?)
Are there any resources for understanding how Siemplify makes entities related to Splunk events?
Write an HTML View for cases
+1
Hello
@Keith_Allen
so if i understand properly - you are looking for a placeholder, that can always help you and find only the entity name, to be shown properly in the widget you are writing.
eventually, that's a very valid pain point that we are trying to resolve these days, but until that point in time, you can have an "if" in the code, to see if you have a single item in the events, or multiple items, and in every case - use to correct one.
in case you are using the default mapping provided with our integration, i might be able to help further, but i'm guessing your mapping is a little bit different and thus it really depends on it.
Please let me know if you have additional questions.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.