
Use nested conditions in xml dashboard

kikiBen12
Engager

Hi,

I have a dashboard with inputs, and I use conditions in the change statement to set some tokens. I have a first condition that handles the case of the default value, and a second condition related to another token from another input.
Finally, I have a last condition statement working as an else to set tokens in cases other than the default value.

My problem is that in the second condition I set some tokens that I set again in the last statement, because they correspond to the case other than the first.
The optimal solution would be to nest the second condition inside the last, since it's just a specific case of the last.

Is it possible to nest conditions? I can't find a way to do this.

0 Karma

puneethgowda
Communicator

base search | search tokan1="$A$" OR tokan2="$B$" OR tokan3="$C$"

0 Karma

kikiBen12
Engager

I don't understand how to do this and why it solves my problem.

0 Karma

cmerriman
Super Champion

Can you provide some of your XML (stripped of any sensitive data) to make it easier to help?

0 Karma

kikiBen12
Engager

    <input type="dropdown" token="srcIP">
      <label>IP source</label>
      <fieldForLabel>res</fieldForLabel>
      <fieldForValue>src_ip</fieldForValue>
      <search>
        <query>
          | eval res=src_ip . " (" . hostname_src . ")"
          | table res, src_ip
        </query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <choice value="none">Aucune</choice>
      <default>none</default>
      <change>
        <!-- Default choice -->
        <condition label="Aucune">
          <unset token="show_panel_1"></unset>
          <set token="title_label_src"></set>
          <set token="src_by_clause"></set>
          <set token="src_set">false</set>
          <set token="src_ip_search"></set>
        </condition>
        <!-- A source is chosen and a destination is already set -->
        <condition match="'dest_set' == &quot;true&quot;">
          <set token="src_by_clause"></set>
          <set token="dest_by_clause"></set>
          <set token="show_panel_1">true</set>
          <set token="title_label_src">depuis $label$</set>
          <set token="src_set">true</set>
          <set token="src_ip_search">src_ip=$value$</set>
        </condition>
        <!-- Any other case (else) -->
        <condition>
          <set token="show_panel_1">true</set>
          <set token="title_label_src">depuis $label$</set>
          <set token="src_by_clause">by dest</set>
          <set token="src_set">true</set>
          <set token="src_ip_search">src_ip=$value$</set>
        </condition>
      </change>
    </input>
    <input type="dropdown" token="destIP">
      <label>IP destination</label>
      <fieldForLabel>res</fieldForLabel>
      <fieldForValue>dest_ip</fieldForValue>
      <search>
        <query>
          | eval res=dest_ip . "(" . hostname_dest . ")"
          | table res, dest_ip
        </query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <choice value="none">Aucune</choice>
      <default>none</default>
      <change>
        <!-- Default choice -->
        <condition label="Aucune">
          <unset token="show_panel_2"></unset>
          <set token="title_label_dest"></set>
          <set token="dest_by_clause"></set>
          <set token="dest_set">false</set>
          <set token="dest_ip_search"></set>
        </condition>
        <!-- A destination is chosen and a source is already set -->
        <condition match="'src_set' == &quot;true&quot;">
          <set token="src_by_clause"></set>
          <set token="dest_by_clause"></set>
          <set token="show_panel_2">true</set>
          <set token="title_label_dest">vers $label$</set>
          <set token="dest_set">true</set>
          <set token="dest_ip_search">dest_ip=$value$</set>
        </condition>
        <!-- Any other case (else) -->
        <condition>
          <set token="show_panel_2">true</set>
          <set token="title_label_dest">vers $label$</set>
          <set token="dest_by_clause">by src</set>
          <set token="dest_set">true</set>
          <set token="dest_ip_search">dest_ip=$value$</set>
        </condition>
      </change>
    </input>

The search using these tokens:

    <query>
      $src_ip_search$ $dest_ip_search$
      | stats sparkline count $src_by_clause$ $dest_by_clause$
    </query>

This input is populated by a search that returns the available source IPs. The second input is the same, except it is for the destination IP.
The first condition handles the default case, which is none. At first I just had the last condition, which handles the other cases. But I needed to add the second condition to set the by clause of a stats command in a search. I want the first input, if it has a choice other than the default, to set a token to "by dest" (for the search), and reciprocally "by src" for the second input, with no by clause if both inputs are different from the default. So I added the second condition to reset the token to empty if the other input has a choice different from the default.

0 Karma
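
One way to get the effect of a nested condition in the source-IP input, as an added example that is not from any poster in this thread: keep the default-value condition and a single catch-all condition, and compute the by clause with an `<eval>` inside each. It assumes `<eval>` accepts the same `'token'` reference form the post uses in `match`, and it also restores the other input's by clause when this input returns to the default, which the posted XML does not do; the destination input is the mirror image.

```xml
<input type="dropdown" token="srcIP">
  <label>IP source</label>
  <fieldForLabel>res</fieldForLabel>
  <fieldForValue>src_ip</fieldForValue>
  <search>
    <query>
      | eval res=src_ip . " (" . hostname_src . ")"
      | table res, src_ip
    </query>
    <earliest>0</earliest>
    <latest></latest>
  </search>
  <choice value="none">Aucune</choice>
  <default>none</default>
  <change>
    <!-- Default choice: clear every token owned by this input -->
    <condition label="Aucune">
      <unset token="show_panel_1"></unset>
      <set token="title_label_src"></set>
      <set token="src_set">false</set>
      <set token="src_ip_search"></set>
      <set token="src_by_clause"></set>
      <!-- Added behaviour (assumption): if a destination is still selected,
           it is now the only filter, so give it back its by clause -->
      <eval token="dest_by_clause">if('dest_set' == "true", "by src", "")</eval>
    </condition>
    <!-- Any other choice: the common tokens are set once -->
    <condition>
      <set token="show_panel_1">true</set>
      <set token="title_label_src">depuis $label$</set>
      <set token="src_set">true</set>
      <set token="src_ip_search">src_ip=$value$</set>
      <!-- The "nested" test: no by clause when both inputs are set,
           "by dest" when only the source is set -->
      <eval token="src_by_clause">if('dest_set' == "true", "", "by dest")</eval>
      <!-- With a source selected, the destination never groups by src -->
      <set token="dest_by_clause"></set>
    </condition>
  </change>
</input>
```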