Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I set individual tokens for both the fieldForValue and fieldForLabel?

wcooper003
Communicator
‎06-01-2017 06:22 AM

I want to have a token for both the form input value and label fields which differ (fieldForValue, fieldForLabel), is it possible to do this? Or is there a way to access the label from a token (e.g., $token.label$ which I realize doesn't work, but similar to $time.earliest$)?

Here's what I'm doing manually right now, but I don't want to have to have to add new conditions every time I update the lookup, which will grow quickly.

    <input type="dropdown" token="service">
      <label>Select a Service:</label>
      <fieldForLabel>Domains</fieldForLabel>
      <fieldForValue>AFFECTED_ITEM_STRING</fieldForValue>
      <search>
        <query>| inputlookup domain_report.csv | table *</query>
      </search>
      <initialValue>*aura*</initialValue>
       <change>
         <condition label="Service1">
           <set token="service_nm">Service1</set>
         </condition>
         <condition label="Service2">
           <set token="service_nm">Service2</set>
         </condition>
       </change>
    </input>

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎06-01-2017 07:10 AM

Yes! The exact thing you want is here: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens#Access_labels_and_values_of_form_input...

<change>
    <set token="service_nm">$label$</set>
    <set token="service_val">$value$</set>
</change>

View solution in original post

Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎06-01-2017 07:10 AM

Yes! The exact thing you want is here: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens#Access_labels_and_values_of_form_input...

<change>
    <set token="service_nm">$label$</set>
    <set token="service_val">$value$</set>
</change>
Reply
Solved! Jump to solution

wcooper003
Communicator
‎06-01-2017 07:51 AM

Excellent thank you!

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...