Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Set a token by open a dashboard based on a search

criedman
Explorer
‎06-08-2018 01:56 AM

Hi,

is it possible to set a token based on a search result value ?
My search does not work ... =(

 <init>
      <eval token="init">| inputlookup Lookup_1 | search Value="Value_A" | eval valuestatus=Value_A | table valuestatus</eval>
   </init>

Value_A = 0 .... 0 Should be set to the token.

BR
Christoph

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

criedman
Explorer
‎06-11-2018 02:25 AM

Thats the soluten thank you.

   <dashboard>
      <search>
         <query>| inputlookup Lookup_1 where Value="Value_A" 
  | eval valuestatus=Value_A 
  | table valuestatus
         <done>
           <set token="init">$result.valuestatus$</set>
         </done>
       </search>
     </dashboard>

BR
Christoph

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

criedman
Explorer
‎06-11-2018 02:25 AM

Thats the soluten thank you.

   <dashboard>
      <search>
         <query>| inputlookup Lookup_1 where Value="Value_A" 
  | eval valuestatus=Value_A 
  | table valuestatus
         <done>
           <set token="init">$result.valuestatus$</set>
         </done>
       </search>
     </dashboard>

BR
Christoph

0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎06-08-2018 02:28 AM

Hi @criedman

Can you please try following?

  <dashboard>
     <search>
        <query>| inputlookup Lookup_1 where Value="Value_A" 
 | eval valuestatus=Value_A 
 | table valuestatus
        <done>
          <set token="init">$result.valuestatus$</set>
        </done>
      </search>
    </dashboard>
Reply
Solved! Jump to solution

niketn
Legend
‎06-08-2018 02:36 AM

@kamlesh_vaghela, where can be added to base inputlookup command to pull only required result instead of fetching all records from lookup file and then filtering specific record.

| inputlookup Lookup_1 where Value="Value_A" 
| eval valuestatus=Value_A 
| table valuestatus
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...