Splunk Search

How do you set multiple tokens from the output of a search?

Path Finder

Good Morning.

I'm trying to populate an HTML page using the results of a search. To do this, I've been creating tokens from the output of each search then putting those in the HTML. The output of one of my searches is a table. is there a way to select a specific box in the table to use as a token?

Example
header_1, header_2, value
A, B, 5
A, C, 6

<set token="token_a_b">results.header_1=A.header_2=B</set>

0 Karma
1 Solution

Path Finder

Not sure if we are allowed to answer our own questions but I thought I'd add this incase someone else is trying to do the same thing.

The trick was to reformat the data into a single row with the column names being your "keys."
Once your data is in this format you can create as many tokens as you want and eval can be used to handle the case where a key was not generated for the specific search.

`
if($result.key_AB$!=0,$result.key_AB$,0)
if($result.key_AC$!=0,$result.key_AC$,0)

`

View solution in original post

Path Finder

Not sure if we are allowed to answer our own questions but I thought I'd add this incase someone else is trying to do the same thing.

The trick was to reformat the data into a single row with the column names being your "keys."
Once your data is in this format you can create as many tokens as you want and eval can be used to handle the case where a key was not generated for the specific search.

`
if($result.key_AB$!=0,$result.key_AB$,0)
if($result.key_AC$!=0,$result.key_AC$,0)

`

View solution in original post

SplunkTrust
SplunkTrust

@charlesmcdonald If your problem is resolved, please accept the answer to help future readers. Yes, you are allowed to accept your own answers.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

SplunkTrust
SplunkTrust

@charlesmcdonald for the tabular data in your question, what are the two values you want to set as token when a table cell is clicked?

You can check out Splunk Documentation for enabling Table Drilldown: http://docs.splunk.com/Documentation/Splunk/latest/Viz/DrilldownIntro

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Path Finder

@niketnilay This wouldn't be a dilldown search, it would run in the background to generate a number of tokens. It works fine for a single token doing the below, but I want to be able to specify a more complicated token target.

<set token="field_1">$result.field_1$</set>

0 Karma