- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am trying to format multi-value cell data in a dashboard table using mvmap in an eval token before passing it on to a drilldown, however I am unable to figure out how to format the eval function and if this approach would work at all. I would appreciate if someone could tell me why this function fails.
I have included a test dashboard which shows sample data (sample column) and the format that I would like to create (test column). Unfortunately, the 'temptoken' token never gets evaluated.
Note, I understand that I could use different workarounds to avoid using mvmap in an eval token, such as creating a hidden field in the table and use it for drilldown, or using different eval functions (depending on the use case). I am specifically interested in the format of using mvmap in an eval token, as this function could be really useful in more complex cases that I have to deal with.
<dashboard>
<label>mvmap in eval token</label>
<row>
<panel>
<table>
<search>
<query>
<![CDATA[
| makeresults
| fields - _time
| eval sample = "text1 -> text2,text3 -> text4"
| eval sample = split(sample, ",")
``` the SPL above this line will generate the sample data ```
| eval test = mvmap(sample, split(sample, " -> "))
]]>
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">cell</option>
<drilldown>
<condition match="$click.name2$=="sample"">
<!-- This eval function is not working -->
<eval token="temptoken">mvmap('row.sample', split('row.sample', " -> "))</eval>
</condition>
<condition match="$click.name2$=="test"">
<eval token="temptoken2">'row.test'</eval>
</condition>
</drilldown>
</table>
</panel>
</row>
<row>
<html>
<p>
temptoken: $temptoken$
</p>
<p>
temptoken2: $temptoken2$
</p>
</html>
</row>
</dashboard>
Best Regards,
Robert
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Simple XML <eval> tag implements a subset of eval functions in JavaScript. Internally, multivalued results are JavaScript arrays. They are collapsed to comma-delimited strings when returned as values.
See $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/js/util/eval/functions/multivalue.js for the list of supported functions:
- split()
- mvappend()
- mvcount()
- mvfind()
- mvindex()
- mvjoin()
- mvdedup()
- mvsort()
- mvrange()
- mvzip()
- mvfilter()
Unfortunately, mvmap() is not supported.
Props to the dashboards and visualizations team for supporting as much as they did!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @tscroggins, thank you for the detailed explanation, and also for pointing out where I should look for the answer the next time 🙂
BR,
Robert
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Simple XML <eval> tag implements a subset of eval functions in JavaScript. Internally, multivalued results are JavaScript arrays. They are collapsed to comma-delimited strings when returned as values.
See $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/js/util/eval/functions/multivalue.js for the list of supported functions:
- split()
- mvappend()
- mvcount()
- mvfind()
- mvindex()
- mvjoin()
- mvdedup()
- mvsort()
- mvrange()
- mvzip()
- mvfilter()
Unfortunately, mvmap() is not supported.
Props to the dashboards and visualizations team for supporting as much as they did!
