I am passing token "host_tok" from dashboardA to dashboardB
Now I am trying to set the query based on token passed
XML for Dashboard B as below:
================
<dashboard>
<label>Consul Level 2 Errors</label>
<description>Gives stats on ERRORS</description>
<row>
<panel>
<single>
<title>Number of Errors in last 5 minutes</title>
<search>
<init>
<condition match="$host_tok$=="consul_client"">
<set token="Panel1">host!=*consul* OR servername!=*consul* earliest=-5m sourcetype=consul_log index=hcm_consul "[ERROR]" NOT ("rpc error making call: rpc error making call: Permission denied" OR "rpc error making call: Permission denied" OR "Newer Consul version available") | eval SEARCH_CRITERIA=case(like(_raw, "%Push/Pull with%"), "Push/Pull Error", like(_raw, "%Failed fallback ping%"), "Failed fallback ping Error", like(_raw, "%connection reset by peer%"), "Connection reset by peer Error", like(_raw, "%keepalive timeout%"), "Keepalive Timeout Error", like(_raw, "%i/o timeout%"), "I/O Timeout Error", like(_raw, "%lead thread didn't get connection%"), "Lead thread didn't get connection Error", like(_raw, "%failed to get conn: EOF%"), "Failed to get conn: EOF Error", like(_raw, "%rpc error making call: EOF%"), "RPC error making call: EOF Error", like(_raw, "%Permission denied%"), "Permission denied Error", like(_raw, "%Timeout exceeded while awaiting headers%"), "Timeout exceeded while awaiting headers Error", true(), "Other Error")| stats count by SEARCH_CRITERIA</set>
</condition>
<condition match="$host_tok$=="consul_server"">
<set token="Panel1">host=*consul* OR servername=*consul* earliest=-5m sourcetype=consul_log index=hcm_consul "[ERROR]" NOT ("rpc error making call: rpc error making call: Permission denied" OR "rpc error making call: Permission denied" OR "Newer Consul version available") | eval SEARCH_CRITERIA=case(like(_raw, "%Push/Pull with%"), "Push/Pull Error", like(_raw, "%Failed fallback ping%"), "Failed fallback ping Error", like(_raw, "%connection reset by peer%"), "Connection reset by peer Error", like(_raw, "%keepalive timeout%"), "Keepalive Timeout Error", like(_raw, "%i/o timeout%"), "I/O Timeout Error", like(_raw, "%lead thread didn't get connection%"), "Lead thread didn't get connection Error", like(_raw, "%failed to get conn: EOF%"), "Failed to get conn: EOF Error", like(_raw, "%rpc error making call: EOF%"), "RPC error making call: EOF Error", like(_raw, "%Permission denied%"), "Permission denied Error", like(_raw, "%Timeout exceeded while awaiting headers%"), "Timeout exceeded while awaiting headers Error", true(), "Other Error")| stats count by SEARCH_CRITERIA</set>
</condition>
</init>
<query>$Panel1$</query>
<earliest>$earliest$</earliest>
<latest>$latest$</latest>
<refresh>1m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="count">10</option>
<option name="drilldown">cell</option>
</single>
</panel>
</row>
<row>
<panel>
<chart>
<title>Error's Trendline for Nodes in last 60 minutes</title>
<search>
<query>$Panel2$</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
<refresh>1m</refresh>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">45</option>
<option name="charting.chart">line</option>
</chart>
</panel>
</row>
</dashboard>
================
I am unable to get data its keep saying waiting for input.
Can you suggest how I can achieve two different queries based on token passed?
@lping when you are trying to pass value from one dashboard to other you have to use form based URL tokens so instead of using host_tok use form.host_tok.
@lping Based on your example seems like host_tok token value from source dashboard can only have two values i.e. consul_client or consul_server. In the destination dashboard if you do not want users to change this value have a hidden input consume the token and set required SPL accordingly. I have used a dropdown in the following example.
PS: search event handlers can be <done>, <progress>, <fail>, <error> or <cancelled>. The <init> section is only for Dashboard load. Having said these you actually need an input and code <change> event handler.
I dont know from where you are getting $earliest$ and $latest$ for one of your panel while the other panel Search uses static time. If these tokens are also coming from the source dashboard's drilldown, you would need to create a time input as well and set the default value accordingly.
Please try out and confirm the following example based on your question:
<form>
<label>Conditional Token</label>
<description>Gives stats on ERRORS</description>
<fieldset submitButton="false">
<input depends="$alwaysHide$" type="dropdown" token="host_tok" searchWhenChanged="true">
<label></label>
<change>
<condition value="consul_client">
<set token="Panel1">host!=*consul* OR servername!=*consul* earliest=-5m sourcetype=consul_log index=hcm_consul "[ERROR]" NOT ("rpc error making call: rpc error making call: Permission denied" OR "rpc error making call: Permission denied" OR "Newer Consul version available") | eval SEARCH_CRITERIA=case(like(_raw, "%Push/Pull with%"), "Push/Pull Error", like(_raw, "%Failed fallback ping%"), "Failed fallback ping Error", like(_raw, "%connection reset by peer%"), "Connection reset by peer Error", like(_raw, "%keepalive timeout%"), "Keepalive Timeout Error", like(_raw, "%i/o timeout%"), "I/O Timeout Error", like(_raw, "%lead thread didn't get connection%"), "Lead thread didn't get connection Error", like(_raw, "%failed to get conn: EOF%"), "Failed to get conn: EOF Error", like(_raw, "%rpc error making call: EOF%"), "RPC error making call: EOF Error", like(_raw, "%Permission denied%"), "Permission denied Error", like(_raw, "%Timeout exceeded while awaiting headers%"), "Timeout exceeded while awaiting headers Error", true(), "Other Error")| stats count by SEARCH_CRITERIA</set>
<set token="Panel2">| gentimes start=-10
| eval _time=starttime
| fields _time
| eval client=random()</set>
</condition>
<condition value="consul_server">
<set token="Panel1">host=*consul* OR servername=*consul* earliest=-5m sourcetype=consul_log index=hcm_consul "[ERROR]" NOT ("rpc error making call: rpc error making call: Permission denied" OR "rpc error making call: Permission denied" OR "Newer Consul version available") | eval SEARCH_CRITERIA=case(like(_raw, "%Push/Pull with%"), "Push/Pull Error", like(_raw, "%Failed fallback ping%"), "Failed fallback ping Error", like(_raw, "%connection reset by peer%"), "Connection reset by peer Error", like(_raw, "%keepalive timeout%"), "Keepalive Timeout Error", like(_raw, "%i/o timeout%"), "I/O Timeout Error", like(_raw, "%lead thread didn't get connection%"), "Lead thread didn't get connection Error", like(_raw, "%failed to get conn: EOF%"), "Failed to get conn: EOF Error", like(_raw, "%rpc error making call: EOF%"), "RPC error making call: EOF Error", like(_raw, "%Permission denied%"), "Permission denied Error", like(_raw, "%Timeout exceeded while awaiting headers%"), "Timeout exceeded while awaiting headers Error", true(), "Other Error")| stats count by SEARCH_CRITERIA</set>
<set token="Panel2">| gentimes start=-10
| eval _time=starttime
| fields _time
| eval server=random()</set>
</condition>
</change>
<choice value="consul_client">Client</choice>
<choice value="consul_server">Server</choice>
<default>consul_client</default>
</input>
</fieldset>
<row>
<panel>
<single>
<title>Number of Errors in last 5 minutes</title>
<search>
<query>$Panel1$</query>
<earliest>$earliest$</earliest>
<latest>$latest$</latest>
<refresh>1m</refresh>
<refreshType>delay</refreshType>
</search>
</single>
</panel>
</row>
<row>
<panel>
<chart>
<title>Error's Trendline for Nodes in last 60 minutes</title>
<search>
<query>$Panel2$</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
<refresh>1m</refresh>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">45</option>
<option name="charting.chart">line</option>
</chart>
</panel>
</row>
</form>
Hi @niketn ,
Thanks for your reply.
I tried the solution you have proposed and is close enough but only issue is when I click from Dashboard 1 my host_tok is been passed as
https://xyz.com/en-US/app/search/consul_level2_errors_test?host_tok="consul_server"&form.host_tok=
along with additional form.host_tok which cant be defaulted to any value.
Basically my second dashboard need to consume host_tok and based on that it need to run the query set under condition tag.
Hope you can help me in fixing this issue.
@lping when you are trying to pass value from one dashboard to other you have to use form based URL tokens so instead of using host_tok use form.host_tok.
Thanks for your help @niketn It works perfectly.
@lping you should have accepted the previous elaborate answer, as that covered the solution for the issue posted. However, do upvote the comments / answers that assisted resolving your issue!