Splunk Enterprise Security

Omit Token Value from Results on 1 Panel

Path Finder

I'm have a dashboard with multiple panels, some of which provide hostnames and others that do not (some coming from AD and others coming from routers). I have text search boxes that tie to all the panels and populate data when it's available.

My question is, how do I omit results in a panel that looks at router logs and therefore doesn't have a hostname? Currently, if I do a search from a hostname, the panel running a search on router logs just pulls up all router logs. If someone searches for a hostname, I just want the panel that searches router logs to say 'no results found". All the table results except IP come from an Automatic Lookup populated by a Lookup file.

Below is the dashboard panel search string.

index=__sec_fw sourcetype=cisco:asa host IN ("router1", "router2") src_ip IN (,,,,,
| rename src_ip AS IP
| search IP="$ip$"
| table "IP", Location, Location_Additional, Floor, _time

0 Karma


hi @chrisschum - Not very clear to me.
You have a drop down input with host names?
If so, what is the expected result if user selects router1 from the drop down?
If you mean to say the result should be - no results found , then when should this query execute?
It is a bit confusing , can you throw some more clarity on your requirements?

0 Karma

Path Finder

I apologize it's taken me so long to respond.

Actually, it turns out I don't need to do it this way anymore as the needs change.

Thanks for responding!

0 Karma


@chrisschum if you can add the summary or overview of what you have done to resolve your issue as an answer and accept the same then it would be great so that the question is marked as answered and may assist other facing similar issue.

| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Path Finder

@niketnilay I completely understand, but the thing is the issue wasn't resolved. I just went a different direction with the dashboard. I simply made everyone who uses it (just a handful of people) aware that if they weren't searching an IP, to ignore the panels with IP information. I just worked around it.


0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...