Dashboards & Visualizations

Help for using token filters in a scheduled search

jip31
Builder

Hello

 

I use token filters in a table panel of my dashboard in order to filter the results of the search and it works perfectly when the search is directly filled in the table panel

But I need to use a scheduled search for this monitoring

If I keep the filters in the search, the search doesn't works....

So I put the filters after the loadjob command like below :

Is it correct or not?

 

 

<row>
    <panel>
      <title>Reboot &amp; logon</title>
      <input type="text" token="tok_filterhost" searchWhenChanged="true">
        <label>Hostname</label>
        <default>*</default>
        <initialValue>*</initialValue>
      </input>
      <input type="text" token="tok_filtermodel" searchWhenChanged="true">
        <label>Model.</label>
        <default>*</default>
        <initialValue>*</initialValue>
      </input>
      <input type="text" token="tok_filterbuilding" searchWhenChanged="true">
        <label>Building.</label>
        <default>*</default>
        <initialValue>*</initialValue>
      </input>
      <input type="text" token="tok_reboot" searchWhenChanged="true">
        <label>Days without reboot</label>
        <default>=*</default>
        <initialValue>*</initialValue>
      </input>
      <input type="text" token="tok_logon" searchWhenChanged="true">
        <label>Days without logon</label>
        <default>=*</default>
        <initialValue>*</initialValue>
      </input>
      <table>
        <title>TUTU</title>
        <search>
          <query>| loadjob savedsearch="admin:TOTO_sh:TITI" 
| search Site=$tok_filtersite|s$ 
| search Responsible=$tok_filterresponsible$ 
| search Department=$tok_filterdepartment$ 
| search "Days without logon"$tok_logon$ 
| search "Days without reboot"$tok_reboot$ 
| search Hostname=$tok_filterhost$ 
| search Model=$tok_filtermodel$ 
| search Building=$tok_filterbuilding$</query>

 For more information, here is the stats command done on "TITI" search :

| stats last(BUILDING_CODE) as Building, last(DESCRIPTION_MODEL) as Model, last(LastReboot) as "Last reboot date" last(NbDaysReboot) as "Days without reboot" last(LastLogon) as "Last logon date" last(NbDaysLogon) as "Days without logon" by host SITE RESPONSIBLE_USER DEPARTMENT
| rename host as Hostname, SITE as Site, RESPONSIBLE_USER as Responsible, DEPARTMENT as Department 
| sort -"Days without reboot" -"Days without logon"

Thanks for your help please

Labels (1)
Tags (1)
1 Solution

ro_mc
Path Finder

I realise this is an older post, but if nobody has answered, perhaps others are having difficulty solving similar problems. Since you're referencing a saved search, you could try using a base <search> with ref to reference the saved search instead of loadjob, then use post-process searches as needed to add any additional tokens for filtering.

Two of the lines here are missing equals signs for assignment, which is likely at least part of the reason why the search is not working as expected:

| search "Days without logon"$tok_logon$ 
| search "Days without reboot"$tok_reboot$ 

You can check this by using <search> with <failed> and <error> to determine if the search has an error in it, as seen above, or whether it failed for some other reason, in which case you might want to turn on debugging in the search job inspector by modifying limits.conf as follows

[search_info]
infocsv_log_level = DEBUG

Finally, I'm not sure what you're trying to do here with multiple | search commands. It looks like these can simply follow on from the main search. E.g.

Site=$tok_filtersite|s$ Responsible=$tok_filterresponsible$

Whether you need to pipe to |s depends on the nature of the data. Alternatively, you may need to use |u for URL encoding (typically for links e.g. in drilldowns) or |n to specify no string manipulation.

View solution in original post

0 Karma

ro_mc
Path Finder

I realise this is an older post, but if nobody has answered, perhaps others are having difficulty solving similar problems. Since you're referencing a saved search, you could try using a base <search> with ref to reference the saved search instead of loadjob, then use post-process searches as needed to add any additional tokens for filtering.

Two of the lines here are missing equals signs for assignment, which is likely at least part of the reason why the search is not working as expected:

| search "Days without logon"$tok_logon$ 
| search "Days without reboot"$tok_reboot$ 

You can check this by using <search> with <failed> and <error> to determine if the search has an error in it, as seen above, or whether it failed for some other reason, in which case you might want to turn on debugging in the search job inspector by modifying limits.conf as follows

[search_info]
infocsv_log_level = DEBUG

Finally, I'm not sure what you're trying to do here with multiple | search commands. It looks like these can simply follow on from the main search. E.g.

Site=$tok_filtersite|s$ Responsible=$tok_filterresponsible$

Whether you need to pipe to |s depends on the nature of the data. Alternatively, you may need to use |u for URL encoding (typically for links e.g. in drilldowns) or |n to specify no string manipulation.

View solution in original post

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!