Passing tokens to a pivot dashboard:
Is there any unintended consequences with using pivot this way?
Dropdown search:
<populatingSearch fieldForValue="selected_host" fieldForLabel="selected_host"> <![CDATA[| pivot WebCampus_Access webcampus_authentication SPLITROW host AS "selected_host" SORT 100 host]]> </populatingSearch>
Dashboard searcH:
<searchString>| pivot WebCampus_Access webcampus_authentication count(evt_code) AS "Count of event_code" SPLITROW _time AS "_time" PERIOD auto SPLITCOL host FILTER evt_code = 0 FILTER host is $selected_host$ SORT 0 _time NUMCOLS 100</searchString>
Is there any unintended consequences with using pivot this way?
I shouldn't think so. Using tokens in search strings is very well supported.
Only trouble you might run into is if $selected_host$
contains spaces. Then you'd probably want to actually search-escape it using $selected_host|s$
Hi -
If i use the token for SPLITCOL variable by using FILTER inside pivot command it's working but if i pass the token for SPLITCOL variable by using search or where or fields or table outside pivot command it is not working. can you please advise?
Working Eg: | pivot datamodelname rootobject SPLITROW field1 SPLITCOL field2 FILTER field2 is "$tok_field2$" NUMCOLS 500 | where field1="xyz"
Not working Eg : | pivot datamodelname rootobject SPLITROW field1 SPLITCOL field2 NUMCOLS 500 | where field1="xyz" | table field1 "$tok_field2$"