Hi, could somebody please tell me how i can put 2 Variables inside one Query
I have Written the following
Could somebody please tell me how to pick 2 variables into one search at a specific place i tried to put it with click1.searchTerms and click2.searchTerms into the system but thats not working with click.searchTerms it's working but at the last query i could not have 2 variables inside
There is no valid key in your view called $click1.searchTerms$. I think you mean $click.searchTerms$, which is an extended key added to the JSChart's output by Sideview Utils.
There is a good docs page inside Sideview Utils that gives a broad overview of all the $foo$ tokens that are available with all relevant Sideview and Splunk modules.
Also, you can use the Sideview Editor in "Runtime Debug" mode to take a look at exactly what keys are at exactly what point in exactly what view, at runtime. Which is an overwhelming bit of power, but can be very useful....
By the way you can change the "click" part of that by setting "drilldownPrefix" param on JSChart. In a Sideview module you would always set a "name" param to change that, but the Splunk modules are a little inconsistent as to how you specify the name of the $foo$ token from module to module.
There is no valid key in your view called $click1.searchTerms$. I think you mean $click.searchTerms$, which is an extended key added to the JSChart's output by Sideview Utils.
There is a good docs page inside Sideview Utils that gives a broad overview of all the $foo$ tokens that are available with all relevant Sideview and Splunk modules.
Also, you can use the Sideview Editor in "Runtime Debug" mode to take a look at exactly what keys are at exactly what point in exactly what view, at runtime. Which is an overwhelming bit of power, but can be very useful....
By the way you can change the "click" part of that by setting "drilldownPrefix" param on JSChart. In a Sideview module you would always set a "name" param to change that, but the Splunk modules are a little inconsistent as to how you specify the name of the $foo$ token from module to module.
