Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Manipulate URL Parameter as Dashboard Token

zchef2k
Observer
‎10-28-2020 08:00 AM

Hello Everyone. This is my first post in the forum, please be gentle. 🙂

I've spent an inordinate amount of trying to get this to work, but I have a requirement to take a FQDN passed as a URL parameter to a dashboard and convert it to a short hostname for use a token in search for several panels. I have tried just about every combination of <init>, <eval>, and <set> to no avail to get it populate at page load. I have even tried to attack this in search itself, unsuccessfully, by using something similar to this:

 

index="syslog_main" source="/var/log/messages" | eval short_name=replace(fqdn,"^([^\.]+).+","\1") | where like (host, "%short_name%") ]

 

 

Can someone suggest  a new strategy? At this point I'm probably just making it too complicated.

TIA

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-28-2020 08:46 AM

Have you tried rex?

index="syslog_main" source="/var/log/messages" 
| rex field=fqdn "(?<short_name>[^\.]+)"
| where like (host, "%short_name%")
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...