Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dashboard Studio how to use a token to set a second value

jholman2000
Engager
‎01-10-2024 11:56 AM

I have a Dashboard created in Dashboard Studio and have added a simple dropdown to select "Production", "UAT, "SIT',"Development" and it sets a correspnding value that I use in the $api_env$ token as shown below.  This works correctly and results in CA03430-cmsviewapi-prodox as I expect.

I want to use the value in the $api_env$ token to programmatically change the index between wf_wb_cbs and wf_cb_cbs_np.

How do I do that?  I tried adding eval idx=if() at the front of my query but when it gets to the existing index= portion it flags an error "Unknown search command 'index'

Thanks for any assistance!

Here is the query as it now shows in my dashboard:

"ds_search_1_new_new": {
            "type": "ds.search",
            "options": {
                "query": "index=wf_wb_cbs CA03430 sourcetype=\"cf:logmessage\" cf_app_name=\"CA03430-cmsviewapi-$api_env$\"| spath \"msg.customerIdType\" \r\n| eval eventHour = strftime(_time,\"%H\") | where eventHour >= \"07\" and eventHour < \"20\" \r\n| stats count by \"msg.customerIdType\"",
                "queryParameters": {
                    "earliest": "$global_time.earliest$",
                    "latest": "$global_time.latest$"
                }
            },
            "name": "cmsviewapi_activitybyrole"
        },
 
And here is my input:
        "input_w8NFtYlK": {
            "options": {
                "items": [
                    {
                        "label": "Production",
                        "value": "prodox"
                    },
                    {
                        "label": "UAT",
                        "value": "uathra"
                    },
                    {
                        "label": "SIT",
                        "value": "sit"
                    },
                    {
                        "label": "Development",
                        "value": "dev"
                    }
                ],
                "token": "api_env",
                "defaultValue": ""
            },
            "title": "Environment",
            "type": "input.dropdown",
            "dataSources": {}
        }
 
Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

danspav
SplunkTrust
SplunkTrust
‎01-18-2024 02:04 PM

Hi @jholman2000,


I don't think there's a way to set two token values from the one dropdown like you can with simpleXML dashboards, but here's a workaround - 

You can create a simple search that will use the environment token and produce the appropriate index name, which can then be used in your main search.

{
"type": "ds.search",
"options": {"query": "|  makeresults\n|  eval index=if(\"$api_env$\"=\"prod\",\"wf_wb_cbs\",\"wf_wb_cbs_np\")\n| table index",
"enableSmartSources": true
},
"name": "IndexName"
}

 

The search will be pretty quick, and will only run on the search head. It just looks at the environment token and sets the index to prod or nonprod as appropriate.

The key part is the "enableSmartSources" which you get when checking  the "Access search results or metadata" checkbox.

Now you can refer to the index name:  $IndexName:result.index$

So your final search will be:

index=$IndexName:result.index$ CA03430 sourcetype="cf:logmessage" cf_app_name="CA03430-cmsviewapi-$api_env$" | spath "msg.customerIdType" | eval eventHour = strftime(_time,"%H") | where eventHour >= "07" and eventHour < "20" | stats count by "msg.customerIdType"


Hope that helps you out.

Cheers,
Daniel

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

danspav
SplunkTrust
SplunkTrust
‎01-18-2024 02:04 PM

Hi @jholman2000,


I don't think there's a way to set two token values from the one dropdown like you can with simpleXML dashboards, but here's a workaround - 

You can create a simple search that will use the environment token and produce the appropriate index name, which can then be used in your main search.

{
"type": "ds.search",
"options": {"query": "|  makeresults\n|  eval index=if(\"$api_env$\"=\"prod\",\"wf_wb_cbs\",\"wf_wb_cbs_np\")\n| table index",
"enableSmartSources": true
},
"name": "IndexName"
}

 

The search will be pretty quick, and will only run on the search head. It just looks at the environment token and sets the index to prod or nonprod as appropriate.

The key part is the "enableSmartSources" which you get when checking  the "Access search results or metadata" checkbox.

Now you can refer to the index name:  $IndexName:result.index$

So your final search will be:

index=$IndexName:result.index$ CA03430 sourcetype="cf:logmessage" cf_app_name="CA03430-cmsviewapi-$api_env$" | spath "msg.customerIdType" | eval eventHour = strftime(_time,"%H") | where eventHour >= "07" and eventHour < "20" | stats count by "msg.customerIdType"


Hope that helps you out.

Cheers,
Daniel

 

0 Karma
Reply
Solved! Jump to solution

jholman2000
Engager
‎01-19-2024 09:44 AM

Thanks Dan!  That worked perfectly just as you provided.

0 Karma
Reply
Get Updates on the Splunk Community!

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...