Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you set multiple tokens from the output of a search?

charlesmcdonald
Path Finder
‎12-12-2018 07:10 AM

Good Morning.

I'm trying to populate an HTML page using the results of a search. To do this, I've been creating tokens from the output of each search then putting those in the HTML. The output of one of my searches is a table. is there a way to select a specific box in the table to use as a token?

Example
header_1, header_2, value
A, B, 5
A, C, 6

<set token="token_a_b">results.header_1=A.header_2=B</set>

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

charlesmcdonald
Path Finder
‎12-12-2018 12:22 PM

Not sure if we are allowed to answer our own questions but I thought I'd add this incase someone else is trying to do the same thing.

The trick was to reformat the data into a single row with the column names being your "keys."
Once your data is in this format you can create as many tokens as you want and eval can be used to handle the case where a key was not generated for the specific search.

`
if($result.key_AB$!=0,$result.key_AB$,0)
if($result.key_AC$!=0,$result.key_AC$,0)

`

View solution in original post

Reply
Solved! Jump to solution
Solution

charlesmcdonald
Path Finder
‎12-12-2018 12:22 PM

Not sure if we are allowed to answer our own questions but I thought I'd add this incase someone else is trying to do the same thing.

The trick was to reformat the data into a single row with the column names being your "keys."
Once your data is in this format you can create as many tokens as you want and eval can be used to handle the case where a key was not generated for the specific search.

`
if($result.key_AB$!=0,$result.key_AB$,0)
if($result.key_AC$!=0,$result.key_AC$,0)

`

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-12-2018 12:44 PM

@charlesmcdonald If your problem is resolved, please accept the answer to help future readers. Yes, you are allowed to accept your own answers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎12-12-2018 10:51 AM

@charlesmcdonald for the tabular data in your question, what are the two values you want to set as token when a table cell is clicked?

You can check out Splunk Documentation for enabling Table Drilldown: http://docs.splunk.com/Documentation/Splunk/latest/Viz/DrilldownIntro

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

charlesmcdonald
Path Finder
‎12-12-2018 10:54 AM

@niketnilay This wouldn't be a dilldown search, it would run in the background to generate a number of tokens. It works fine for a single token doing the below, but I want to be able to specify a more complicated token target.

<set token="field_1">$result.field_1$</set>

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...