Is there a way to pass a token from my dashboard (field1) text field that will have a username to a saved report (DSN Test Report)?
`<form>
<label>DSN Test</label>
<fieldset submitButton="true">
<input type="text" token="field1">
<label>field1</label>
</input>
<input type="time" token="field2">
<label></label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<table>
<title>DSN Test</title>
<search ref="DSN Test Report">
<earliest>$field2.earliest$</earliest>
<latest>$field2.latest$</latest>
</search>
<option name="count">50</option>
<option name="drilldown">none</option>
</table>
</panel>
</row>
</form>
Did you get this resolved? I'm having the exact same issue.
- a ref="<reportname>" works fine with the restricted read permissions (no access to index data) but I cannot pass tokens to the report
- a <query>| savedsearch <reportname> tokens=$tokens$ works fine for results but cannot run as report owner
How does one run as the report owner and still pass in tokens?
@MikeMefford
Can you please try savedsearch
command?
<search>
<query>| savedsearch "DSN Test Report" param1="value1"</query>
<earliest>$field2.earliest$</earliest>
<latest>$field2.latest$</latest>
</search>
Thanks
Thanks for your reply!
So I made the change to my dashboard:
<search>
<query>| savedsearch "DSN Test Report" Account_Name=$field1$</query>
<earliest>$field2.earliest$</earliest>
<latest>$field2.latest$</latest>
</search>
And also changed the saved search:
index=main EventCode=4740 Account_Name=$field1$
I get the following message when I run it:
Error in 'savedsearch' command: Encountered the following error while building a search for saved search 'DSN Test Report': Error while replacing variable name='field1'. Could not find variable in the argument map.
Here is the report and yes I know it will work if I make it a inline search in the dashboard, but you can't set dashboards to run as the "Owner" which is what I need it to do. The report I can set to run as owner.
index=main EventCode=4740 Account_Name=$field1$
| eval Account_Name2=mvindex(Account_Name,1), mytime=_time
| convert timeformat="%m-%d-%Y %I:%M:%S %p" ctime(mytime)
| dedup _time
| table Account_Name2, Caller_Computer_Name, mytime
| rename Account_Name2 AS "Account Locked Out", Caller_Computer_Name AS "Lockout Location", mytime AS "Date/Time"
| sort _time