Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Create and Reuse Variable in Multiple Places

jslealdi
Explorer
‎07-10-2019 09:37 AM

Hi guys.

I want to create a variable, lets say my_var_thresdold = 1000
After that, I want to use that var in two places:

  1. Within an alert: place my_var_thresdold as a trigger condition; like: is_greater than $my_var_thresdold$ External var in an alert
  2. Within a dashboard, when writing a query, use that very same var; like | eval maxAlert=$my_var_thresdold$ External var within a dashboard

I was taking a look at SideView utils, but I was not able to find anything that works for my situation. Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jslealdi
Explorer
‎07-22-2019 01:00 PM

Hi. I ended up using a lookup table, storing my thresholds there and using them from both the dashboard query and from the alert query.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jslealdi
Explorer
‎07-22-2019 01:00 PM

Hi. I ended up using a lookup table, storing my thresholds there and using them from both the dashboard query and from the alert query.

0 Karma
Reply
Solved! Jump to solution

nabeel652
Builder
‎07-10-2019 04:31 PM

Under

<form>
  <init>
     <set token="my_var_threshold">1000</set>
  </init>
.... Your other xml code

</form>

Define the token and then use it anywhere in your searches just like a variable.

0 Karma
Reply
Solved! Jump to solution

jslealdi
Explorer
‎07-11-2019 08:53 AM

Thanks @nabeel652
This not suffice the need because when creating a var inside a dashboard it will only live within that context and it won't be visible when configuring my alert.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...