Hi

I have created the following way to turn on events Splunk 7 easly, however can turn them off.

I use a eval foo="$EVENT_ON_OFF$" and a check box, however i cant get them off when i want them to.

 <row>
    <panel>
      <input type="checkbox" token="EVENT_ON_OFF" searchWhenChanged="true">
        <label>EVENT_ON_OFF</label>
        <choice value="ON">ON</choice>
        <delimiter> </delimiter>
      </input>
      <chart>
        <title>CPU by source - Events Overlay</title>
        <search type="annotation">
          <query>| tstats values("AMBER_EVENTS.evt.lvl") as "Count" from datamodel="AMBER_EVENTS" where "nodename"="AMBER_EVENTS" host=mx7654vm_ROB_AMBER_2 groupby _time, source ,AMBER_EVENTS.evt.lvl,AMBER_EVENTS.evt.dsc span=5s | eval foo="$EVENT_ON_OFF$" | rename AMBER_EVENTS.evt.lvl as INFO | rename AMBER_EVENTS.evt.dsc as MESSAGE
| eval annotation_label = MESSAGE
| eval annotation_category = INFO | table _time annotation_label annotation_category</query>
          <earliest>$global_time_tok.earliest$</earliest>
          <latest>$global_time_tok.latest$</latest>
        </search>
        <search>
          <query>| tstats avg("AMBER_METRIC.mtr.gauges.process.cpu.percentage") as "Avg" from datamodel="AMBER_METRIC" where "nodename"="AMBER_METRIC" host=mx7654vm_ROB_AMBER_2 groupby _time, source span=100s
 | timechart first("Avg") as "Avg" agg=max limit=5 useother=false span=100s by source</query>
          <earliest>$global_time_tok.earliest$</earliest>
          <latest>$global_time_tok.latest$</latest>
        </search>
        <option name="charting.axisY.abbreviation">auto</option>
        <option name="charting.axisY.includeZero">1</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.nullValueMode">connect</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.fieldColors">{"/net/mx7654vm/data/apps/MX_ROB/logsrob7/authn/authn-app-0.1/5691a977-9a7c-4865-ba6a-aa0e9071d9b6.log_METRIC.log":"#1e93c6","/net/mx7654vm/data/apps/MX_ROB/logsrob7/counterpart/counterpart-app-0.1/e11a1aca-aed9-447c-8d51-bde79213dea9.log_METRIC.log":"#f2b827","/net/mx7654vm/data/apps/MX_ROB/logsrob7/counterpart/counterpart-0.1/4736d9d6-8224-4975-9e39-889eb346be90.log_METRIC.log":"#d6563c","/net/mx7654vm/data/apps/MX_ROB/logsrob7/counterpart/counterpart-0.1/ce142cf0-2cdb-47eb-8d08-13ef20690585.log_METRIC.log":"#6a5c9e","/net/mx7654vm/data/apps/MX_ROB/logsrob7/counterpart/counterpart-0.1/dca63eb4-ee82-4c96-92cf-c6f55ba0cc3d.log_METRIC.log":"#31a35f"}</option>
        <option name="charting.gridLinesX.showMajorLines">1</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
        <option name="charting.legend.mode">standard</option>
        <drilldown>
          <link target="_blank">/app/murex_mlc/amber_events</link>
        </drilldown>
      </chart>
    </panel>
  </row>