Solved: Re: How to save the results of a search into a tok...

Marco_Develops · ‎05-18-2022

I'm trying to save the results of my search in a token so I can reference it in another visualization. I've read other post and people are using the <done> tags to solve this issue.

Below is my code

<row>
    <panel>
      <single>
        <search>
          <query>index = * | stats count as c</query>
          <earliest>$time.earliest$</earliest>
          <latest>$time.latest$</latest>
          <done> 
            <set token="results" >$row.c$</set>
          </done>
        </search>
        <option name="drilldown">none</option>
      </single>
    </panel>
  </row>

ideally I would like to reference the "Results" token in other searches. Any help is appreciated.

-Marco

somesoni2 · ‎05-18-2022

Change

<set token="results" >$row.c$</set>

with

<set token="results" >$result.c$</set>

The $row.xxx works when you drilldown using a click.

View solution in original post

somesoni2 · ‎05-18-2022

Change

<set token="results" >$row.c$</set>

with

<set token="results" >$result.c$</set>

The $row.xxx works when you drilldown using a click.

richgalloway · ‎05-18-2022

How is that code failing you? How are you trying to reference the $results$ token?

---
If this reply helps you, Karma would be appreciated.

Marco_Develops · ‎05-18-2022

@somesoni2 Switching from row to results worked as needed.

Thank you,

Marco

How to save the results of a search into a token?

form

simple XML

table

token

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Are you a member of the Splunk Community?