Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Manipulate URL Parameter as Dashboard Token

zchef2k
Observer
‎10-28-2020 08:00 AM

Hello Everyone. This is my first post in the forum, please be gentle. 🙂

I've spent an inordinate amount of trying to get this to work, but I have a requirement to take a FQDN passed as a URL parameter to a dashboard and convert it to a short hostname for use a token in search for several panels. I have tried just about every combination of <init>, <eval>, and <set> to no avail to get it populate at page load. I have even tried to attack this in search itself, unsuccessfully, by using something similar to this:

 

index="syslog_main" source="/var/log/messages" | eval short_name=replace(fqdn,"^([^\.]+).+","\1") | where like (host, "%short_name%") ]

 

 

Can someone suggest  a new strategy? At this point I'm probably just making it too complicated.

TIA

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-28-2020 08:46 AM

Have you tried rex?

index="syslog_main" source="/var/log/messages" 
| rex field=fqdn "(?<short_name>[^\.]+)"
| where like (host, "%short_name%")
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...