XML token defaults to * for a field and the need i...

macadminrohit · ‎08-08-2018

I have a drop down which populates the list of servers in the environment and the default value of the server token is * which gets all the servers and some extra as $server$=* , whereas i need * to be only the servers in the lookup. Here is my code

<fieldset submitButton="false" autoRun="true">
    <input type="dropdown" token="server" searchWhenChanged="true">
      <label>Select a server Number:</label>
      <default>*</default>
      <choice value="*">All servers</choice>
           <fieldForLabel>serverName</fieldForLabel>
      <fieldForValue>SERVER</fieldForValue>
      <search base="lookup_csv">
        <query>search OPEN="Y" AND  | search TimeZone=* AND Territory=* AND Region=* AND District=* AND STATE=*  
        | sort SERVER
        | rex mode=sed field=SERVER "s/(\d+)/000\1/" 
        | rex mode=sed field=SERVER "s/0*([0-9]{4})/\1/" 
        | eval storeName = SERVER+"-"+SERVER_NAME+"-"+STATE 
        | table SERVER serverName</query>
      </search>

As you can see, the lookup search will spit out all the servers which i require and i want the default value (* ) to be restricted to only these values(coming from lookup )

renjith_nair · ‎08-08-2018

You need to filter that in the main search where the SERVER token is used

Happy Splunking!

macadminrohit · ‎08-11-2018

Thanks, thats what I did and it fixed the problem.

renjith_nair · ‎08-11-2018

@macadminrohit, glad that worked. You may accept it as answer to close the thread.

Happy Splunking!

XML token defaults to * for a field and the need is to initialise * to output of a lookup

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life