Solved: Re: Passing a token via text input on Dashboard.

rwb18 · ‎03-09-2021

I'm sure this is a simple fix, but I have been a little stuck. I'm trying to take just a text input and use that populate the corresponding dashboard. I have the input panel added and a simple dashboard added, but the searches are not completing, even though I know it is a valid search. Any help is appreciated.

<input type="text" token="$Name_tok$" searchWhenChanged="true">
<label>Enter Text</label>
<default>*</default>
</input>
</row>
</default>
</input>
<input type="text" token="Name_tok">
<label> Name</label>
<default></default>
</input>
</fieldset>
<row>
<panel>
<table>
<search>
<query>index=prod_devices Name=$Name_tok$ | table date, Name, version | dedup Name</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>

bowesmana · ‎03-09-2021

You seem to have 2 input boxes, one with 'Enter text' and the other with 'Name'. Not sure what you are trying to do with 2 boxes, however, if you are looking for the user to enter a device name to search for, then remove the first <input> block and set the default/and/or the initial value of the Name input to *

You cannot use the $ sign in the token name as you have done in the first input as that means you are trying to define a token called $Name_tok$ which is not valid.

You also seem to have some illegal XML tags in wrong places, e.g. closing </row> and </fieldset> and </default> hanging in the middle of things.

This fragment should work. Note that I added |s in the use of the token, which causes it to be quoted, so in case spaces are types in the text, the search command will still work.

<fieldset>
  <input type="text" token="Name_tok">
    <label> Name</label>
    <default></default>
  </input>
</fieldset>
<row>
  <panel>
    <table>
      <search>
        <query>index=prod_devices Name=$Name_tok|s$ 
  | table date, Name, version 
  | dedup Name
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
      <option name="refresh.display">progressbar</option>
    </table>
  </panel>
</row>

View solution in original post

bowesmana · ‎03-09-2021

You seem to have 2 input boxes, one with 'Enter text' and the other with 'Name'. Not sure what you are trying to do with 2 boxes, however, if you are looking for the user to enter a device name to search for, then remove the first <input> block and set the default/and/or the initial value of the Name input to *

You cannot use the $ sign in the token name as you have done in the first input as that means you are trying to define a token called $Name_tok$ which is not valid.

You also seem to have some illegal XML tags in wrong places, e.g. closing </row> and </fieldset> and </default> hanging in the middle of things.

This fragment should work. Note that I added |s in the use of the token, which causes it to be quoted, so in case spaces are types in the text, the search command will still work.

<fieldset>
  <input type="text" token="Name_tok">
    <label> Name</label>
    <default></default>
  </input>
</fieldset>
<row>
  <panel>
    <table>
      <search>
        <query>index=prod_devices Name=$Name_tok|s$ 
  | table date, Name, version 
  | dedup Name
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
      <option name="refresh.display">progressbar</option>
    </table>
  </panel>
</row>

Passing a token via text input on Dashboard.

panel

simple XML

token

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?