Hi ,
I have created a base search like this :
index=servers sourcetype=json Version=17 Id=$ID$
As can be seen from here $ID$ is the token for the field value of Id field. Below in the dashboard XML I have defined the logic to populate the value of this token. But ultimately in the search queries it shows Id=$result.TS$ where TS is the value of the token being set against the item selected in the drop down. When I remove this base search and use it just like a normal search, it works fine. I am trying to use the base search concept to load up the dashboard faster because in most of the queries the search terms are common which I have defined in the base search.
If the ID is a dropdown token, it shouldn't have $result.
prefix. Try using the exact token name for the dropdown input in your query.
My bad $SPACE$ is the drop down token.
index=servers sourcetype=json Version=17 Id=$SPACE$
So if you see, if someone selects the option TECH space, we want hidden dropdown to be invoked
could you share the XML you have for populating the token and your full base search?
This is the base search :
<query>index=servers sourcetype=json Version=17 Id=$ID$
XML for populating the token value
<input type="dropdown" token="Space" searchWhenChanged="true">
<label>Select a Space Number:</label>
<default>tech</default>
<choice value="*">All space</choice>
<choice value="tech">TECH space</choice>
<fieldForLabel>spaceName</fieldForLabel>
<fieldForValue>SPACE</fieldForValue>
<search>
<query>| inputlookup servers.csv | search OPEN="Y"
| sort SPACE
| rex mode=sed field=SPACE "s/(\d+)/000\1/"
| rex mode=sed field=SPACE "s/0*([0-9]{4})/\1/"
| eval spaceName = SPACE+"-"+SPACE_NAME+"-"+SPACE
| table SPACE spaceName</query>
</search>
<change>
<condition value="tech">
<set token="TC_SPACE_FLAG">Y</set>
</condition>
<condition>
<unset token="TC_SPACE_FLAG"></unset>
</condition>
</change>
<suffix>*</suffix>
</input>
<input type="dropdown" token="TECH_SPACE" searchWhenChanged="true" depends="$HideIt$">
<label>TECH_SPACE</label>
<fieldForLabel>TS</fieldForLabel>
<fieldForValue>TS</fieldForValue>
<selectFirstChoice>true</selectFirstChoice>
<search>
<query>| inputlookup server.csv | search TC_SPACE=$TC_SPACE_FLAG$ | table SPACE
| rex mode=sed field=SPACE "s/(\d+)/000\1/"
| rex mode=sed field=SPACE "s/0*([0-9]{4})/\1/"
| eval TS="ID="+SPACE
| table TS
| mvcombine delim=" OR " TS | nomv TS
| rex mode=sed field=TS "s/^ID\=//"</query>
<done>
<set token="SPACE">$result.TS$</set>
</done>
I don't see anywhere in that code where you actually set the token named $ID$
Yes my bad, That should be $SPACE$ which i am using in the base query.
Now since is see the Token values being populated, but i see a weird behaviour. Since the base search is at the top and being executed first with ID=$SPACE$ value, and the corresponding populating search takes time to populate all the values because of which ID=$results.TS$ and the sub query doesnt find any results and displays 0 results. Whereas when i open the inline search i can the results.