Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Tokens based on Tags

dperry
Communicator
‎10-04-2016 12:36 PM

I have a field value pair of the following:

node_primary_node_group_id=3
node_primary_node_group_id=4
node_primary_node_group_id=5
and so on....

I created a tag for these values. ex:
node_primary_node_group_id=3 (Web Servers)
node_primary_node_group_id=5 (App Servers)
node_primary_node_group_id=5 (DB Servers)

I want to create a token that would let the user see Dropdown Form Input Element with the tags I created - Web, App, and DB Server.

I think I understand the basixc syntax for a DropDown Form Input Element but not sure how to use tags. This is possible?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎10-04-2016 12:45 PM

You may not need tags for this purpose. You can create a drop-down that is dynamically populated. Like this

<input type="dropdown" token="tokTag">
<search>
<query>index=xyz earliest=-1d@d | stats count by node_primary_node_group_id | eval tag=case(node_primary_node_group_id=1, "Web Servers", node_primary_node_group_id=2, "App Servers", node_primary_node_group_id=3, "DB Servers", 1=1, "UNK") | fields node_primary_node_group_id tag</query>
      <fieldForLabel>tag</fieldForLabel>
      <fieldForValue>node_primary_node_group_id</fieldForValue>
</input>

In the query for your dependent panel, use the tokTag, as the user selected value to filter your data. Like this

<search>
<query>index=xyz node_primary_node_group_id=$tokTag$" | ...</query>
</search>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎10-04-2016 12:45 PM

You may not need tags for this purpose. You can create a drop-down that is dynamically populated. Like this

<input type="dropdown" token="tokTag">
<search>
<query>index=xyz earliest=-1d@d | stats count by node_primary_node_group_id | eval tag=case(node_primary_node_group_id=1, "Web Servers", node_primary_node_group_id=2, "App Servers", node_primary_node_group_id=3, "DB Servers", 1=1, "UNK") | fields node_primary_node_group_id tag</query>
      <fieldForLabel>tag</fieldForLabel>
      <fieldForValue>node_primary_node_group_id</fieldForValue>
</input>

In the query for your dependent panel, use the tokTag, as the user selected value to filter your data. Like this

<search>
<query>index=xyz node_primary_node_group_id=$tokTag$" | ...</query>
</search>
0 Karma
Reply
Solved! Jump to solution

dperry
Communicator
‎10-04-2016 12:47 PM

Thanks this is exactly what I was looking for !

0 Karma
Reply
Solved! Jump to solution

dperry
Communicator
‎10-04-2016 01:27 PM

I'm getting an error parsing XML......for the last

0 Karma
Reply
Solved! Jump to solution

dperry
Communicator
‎10-04-2016 01:29 PM 
 <fieldForLabel>tag</fieldForLabel>
   <fieldForValue>node_primary_node_group_id</fieldForValue>
0 Karma
Reply
Solved! Jump to solution

dperry
Communicator
‎10-04-2016 01:43 PM

Sorry for the confusion....typo. This works!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...