Splunk Search

How do you set multiple tokens from the output of a search?

charlesmcdonald
Path Finder

Good Morning.

I'm trying to populate an HTML page using the results of a search. To do this, I've been creating tokens from the output of each search then putting those in the HTML. The output of one of my searches is a table. is there a way to select a specific box in the table to use as a token?

Example
header_1, header_2, value
A, B, 5
A, C, 6

<set token="token_a_b">results.header_1=A.header_2=B</set>

0 Karma
1 Solution

charlesmcdonald
Path Finder

Not sure if we are allowed to answer our own questions but I thought I'd add this incase someone else is trying to do the same thing.

The trick was to reformat the data into a single row with the column names being your "keys."
Once your data is in this format you can create as many tokens as you want and eval can be used to handle the case where a key was not generated for the specific search.

`
if($result.key_AB$!=0,$result.key_AB$,0)
if($result.key_AC$!=0,$result.key_AC$,0)

`

View solution in original post

charlesmcdonald
Path Finder

Not sure if we are allowed to answer our own questions but I thought I'd add this incase someone else is trying to do the same thing.

The trick was to reformat the data into a single row with the column names being your "keys."
Once your data is in this format you can create as many tokens as you want and eval can be used to handle the case where a key was not generated for the specific search.

`
if($result.key_AB$!=0,$result.key_AB$,0)
if($result.key_AC$!=0,$result.key_AC$,0)

`

richgalloway
SplunkTrust
SplunkTrust

@charlesmcdonald If your problem is resolved, please accept the answer to help future readers. Yes, you are allowed to accept your own answers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

niketn
Legend

@charlesmcdonald for the tabular data in your question, what are the two values you want to set as token when a table cell is clicked?

You can check out Splunk Documentation for enabling Table Drilldown: http://docs.splunk.com/Documentation/Splunk/latest/Viz/DrilldownIntro

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

charlesmcdonald
Path Finder

@niketnilay This wouldn't be a dilldown search, it would run in the background to generate a number of tokens. It works fine for a single token doing the below, but I want to be able to specify a more complicated token target.

<set token="field_1">$result.field_1$</set>

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...