Passing tokens from single value

cjohnson_vectra
New Member

I have a fixed view that shows the number of devices in a given state for a 24-hour window:

I would like to be able to drill into one of these and jump to another view/dashboard that shows more of the details around the values. The challenge I am running into is that I am passing a token 'hostseverity' and the dashboard seems to accept the token, but it does not return anything in the results pane:

Now if I go in and change the severity manually, the results will populate as expected. The code I am using for the single value is:

    <option name="drilldown">all</option>
    <drilldown>
      <link>hosts?form.hostseverity=High</link>
    </drilldown>
0 Karma

cjohnson_vectra
New Member

ryandg, in gathering the information for your request, I identified the source of my issue.

The code for the input that was on the 'hosts' page was the following:

    <!-- Each choice value is the search fragment the hostseverity token takes; < and > are escaped as XML requires. -->
    <input type="dropdown" token="hostseverity" searchWhenChanged="true">
      <label>Severity</label>
      <choice value="threat&gt;0 AND certainty&gt;0">All</choice>
      <choice value="threat&gt;=50 certainty&gt;=50">Critical</choice>
      <choice value="threat&gt;=50 certainty&lt;=50">High</choice>
      <choice value="threat&lt;=50 certainty&gt;=50">Medium</choice>
      <choice value="threat&gt;0 AND threat&lt;50 certainty&gt;0 AND certainty&lt;50">Low</choice>
      <initialValue>threat&gt;0 AND certainty&gt;0</initialValue>
    </input>

In the drilldown, I actually provided the name and not the value. So by changing

    hosts?form.hostseverity=High

to:

    hosts?form.hostseverity=threat%3E%3D50%20certainty%3C%3D50

I solved my problem.

Thanks for your help.

0 Karma
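The fix described in the post above, as an added example that is not part of the original thread: a small Python helper that reads the dropdown input, looks up the value behind a label, and percent-encodes it into the drilldown link. The function names and the embedded copy of the input XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Constructed sample: the 'hostseverity' input from the post, with < and >
# escaped so that it parses as XML.
INPUT_XML = """
<input type="dropdown" token="hostseverity" searchWhenChanged="true">
  <label>Severity</label>
  <choice value="threat&gt;0 AND certainty&gt;0">All</choice>
  <choice value="threat&gt;=50 certainty&gt;=50">Critical</choice>
  <choice value="threat&gt;=50 certainty&lt;=50">High</choice>
  <choice value="threat&lt;=50 certainty&gt;=50">Medium</choice>
  <choice value="threat&gt;0 AND threat&lt;50 certainty&gt;0 AND certainty&lt;50">Low</choice>
  <initialValue>threat&gt;0 AND certainty&gt;0</initialValue>
</input>
"""


def choice_values(input_xml):
    """Return (token name, {label: value}) for a dropdown input definition."""
    root = ET.fromstring(input_xml)
    choices = {c.text.strip(): c.get("value") for c in root.iter("choice")}
    return root.get("token"), choices


def drilldown_link(target, input_xml, label):
    """Build '<target>?form.<token>=<encoded value>' for the given label.

    The form.<token> parameter has to carry the choice's value, not the label
    shown in the dropdown, and that value has to be percent-encoded because it
    contains spaces and comparison operators.
    """
    token, choices = choice_values(input_xml)
    if label not in choices:
        raise KeyError(f"no choice labelled {label!r} for token {token!r}")
    # safe='' so that '=', '<' and '>' inside the value are encoded as well.
    return f"{target}?form.{token}={quote(choices[label], safe='')}"


if __name__ == "__main__":
    _, labels = choice_values(INPUT_XML)
    for name in labels:
        print(f"{name:9} {drilldown_link('hosts', INPUT_XML, name)}")
```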

ryandg
Communicator

Can you include the code when you are trying to pass the token as well as the settings for the host severity input?

0 Karma