Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Tokens based on Tags

dperry
Communicator
‎10-04-2016 12:36 PM

I have a field value pair of the following:

node_primary_node_group_id=3
node_primary_node_group_id=4
node_primary_node_group_id=5
and so on....

I created a tag for these values. ex:
node_primary_node_group_id=3 (Web Servers)
node_primary_node_group_id=5 (App Servers)
node_primary_node_group_id=5 (DB Servers)

I want to create a token that would let the user see Dropdown Form Input Element with the tags I created - Web, App, and DB Server.

I think I understand the basixc syntax for a DropDown Form Input Element but not sure how to use tags. This is possible?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎10-04-2016 12:45 PM

You may not need tags for this purpose. You can create a drop-down that is dynamically populated. Like this

<input type="dropdown" token="tokTag">
<search>
<query>index=xyz earliest=-1d@d | stats count by node_primary_node_group_id | eval tag=case(node_primary_node_group_id=1, "Web Servers", node_primary_node_group_id=2, "App Servers", node_primary_node_group_id=3, "DB Servers", 1=1, "UNK") | fields node_primary_node_group_id tag</query>
      <fieldForLabel>tag</fieldForLabel>
      <fieldForValue>node_primary_node_group_id</fieldForValue>
</input>

In the query for your dependent panel, use the tokTag, as the user selected value to filter your data. Like this

<search>
<query>index=xyz node_primary_node_group_id=$tokTag$" | ...</query>
</search>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎10-04-2016 12:45 PM

You may not need tags for this purpose. You can create a drop-down that is dynamically populated. Like this

<input type="dropdown" token="tokTag">
<search>
<query>index=xyz earliest=-1d@d | stats count by node_primary_node_group_id | eval tag=case(node_primary_node_group_id=1, "Web Servers", node_primary_node_group_id=2, "App Servers", node_primary_node_group_id=3, "DB Servers", 1=1, "UNK") | fields node_primary_node_group_id tag</query>
      <fieldForLabel>tag</fieldForLabel>
      <fieldForValue>node_primary_node_group_id</fieldForValue>
</input>

In the query for your dependent panel, use the tokTag, as the user selected value to filter your data. Like this

<search>
<query>index=xyz node_primary_node_group_id=$tokTag$" | ...</query>
</search>
0 Karma
Reply
Solved! Jump to solution

dperry
Communicator
‎10-04-2016 12:47 PM

Thanks this is exactly what I was looking for !

0 Karma
Reply
Solved! Jump to solution

dperry
Communicator
‎10-04-2016 01:27 PM

I'm getting an error parsing XML......for the last

0 Karma
Reply
Solved! Jump to solution

dperry
Communicator
‎10-04-2016 01:29 PM 
 <fieldForLabel>tag</fieldForLabel>
   <fieldForValue>node_primary_node_group_id</fieldForValue>
0 Karma
Reply
Solved! Jump to solution

dperry
Communicator
‎10-04-2016 01:43 PM

Sorry for the confusion....typo. This works!

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...