I have created a dashboard that allows you to enter a user and their information then write all of it to a lookup table. I need to help adjusting the search queries so that when you select add it writes the user to the lookup table and when you select remove it removes any instance where the users name is found in the lookup table. Here is my xml so far:
<panel depends="$add$">
<title>Add User</title>
<table>
<search>
<query>| inputlookup usb.csv | append [ | makeresults | eval user="$user_tok$", email="$email_tok$", description="$description_tok$", revisit="$revisit_tok$", Action="$dropdown_tok$" | fields - _time ] | table user, email, description, revisit | outputlookup usb.csv</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
<panel depends="$remove$">
<title>Remove User</title>
<table>
<search>
<query>| inputlookup usb.csv
| where user != ""
| table user, email, description, revisit
| outputlookup usb.csv
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
It looks like you're pretty close on this. In your remove user query, you're not calling the token you have for user. Try adding your token to the user!="" segment.
<query>| inputlookup usb.csv
| where user != "$user_tok$"
| table user, email, description, revisit
| outputlookup usb.csv
</query>
It looks like you're pretty close on this. In your remove user query, you're not calling the token you have for user. Try adding your token to the user!="" segment.
<query>| inputlookup usb.csv
| where user != "$user_tok$"
| table user, email, description, revisit
| outputlookup usb.csv
</query>
Thank You!!! that did work.