Solved: Re: How can I make use of a search string and toke...

niftynicholas · ‎05-17-2016

I am developing a dashboard to analyze users logs from an email application. The dashboard has a Time (Time Picker) and Email (Drop-down List) as inputs. Users are able to select time range and a email in interest to drill down the different panels in the dashboard.

The email drop-down list consists of All (*), email1, email2, ..., etc). The token for this drop-down list is $email$ .

When the user selects All, I would like some panels to show a message like "Further drilldown required". The reason is some panels are irrelevant when all emails are selected.

I know that I have to edit the various panels' search string use eval if(x,y,z) and the token $email$ . However, I have no clue on how to start. One problem is, I am unable to use eval function at the start of a search string.

I appreciate help from you guys. Thank you in advance. 😄

Cheers!
- Nick

sundareshr · ‎05-17-2016

Try something like this

<form>
  <label>Filters</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="tok_email" searchWhenChanged="true">
      <label>Select Email</label>
      <change>
      <condition value="All">
        <set token="tok_errMsg">Further drill-down required</set>
      </condition>
      <condition value="*">
        <set token="tok_errMsg"> </set>
      </condition>
      </change>
      <choice value="One">One</choice>
      <choice value="Two">Two</choice>
      <choice value="Three">Three</choice>
      <choice value="All">All</choice>
      <default>All</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>$tok_errMsg$</title>

View solution in original post

randau9 · ‎08-04-2016

You can also have a separate token that gets set when value=*, like so:
true
and unset when value=All:
`

sundareshr · ‎05-17-2016

Try something like this

<form>
  <label>Filters</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="tok_email" searchWhenChanged="true">
      <label>Select Email</label>
      <change>
      <condition value="All">
        <set token="tok_errMsg">Further drill-down required</set>
      </condition>
      <condition value="*">
        <set token="tok_errMsg"> </set>
      </condition>
      </change>
      <choice value="One">One</choice>
      <choice value="Two">Two</choice>
      <choice value="Three">Three</choice>
      <choice value="All">All</choice>
      <default>All</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>$tok_errMsg$</title>

niftynicholas · ‎05-18-2016

Hi sundareshr,

Thank you for your answer! You saved my day! It works good enough for me to present to my team.

Currently, "Further drill-down is required" is only reflected in the panel title. However, it would be better if the panels do no show any information but a line of text in order to prevent confusion.

Do you have a workaround? I'm really grateful for your help.

Cheers,
Nick

sundareshr · ‎05-19-2016

You can use the HTML panel for your title and use rejects on the panel that should be displayed conditionally

How can I make use of a search string and token to display text in panels?

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?

How can I make use of a search string and token to display text in panels?

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...