Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

How to create a search based on a conditional dashboard token value?

rubyboomslang
New Member
‎06-19-2017 07:52 AM

Psuedocode:

If dashboard token is empty, run X search.
If token is not empty, run Y search.

if($field$ is omitted)
  search index=index1 (other conditions)
else
  search index=index1 field2=$field$)

How do I write this as a Splunk search?

0 Karma
Reply
Highlighted

Re: How to create a search based on a conditional dashboard token value?

pyro_wood
SplunkTrust
SplunkTrust
‎06-19-2017 10:36 AM

Hi,

could this help you any further?

      <input type="dropdown" token="xyz_application">
        <label>XYZ_Application</label>
        <default>Splunk</default>
        <fieldForLabel>Application</fieldForLabel>
        <fieldForValue>xyz_application</fieldForValue>
        <search>
          <query>index=someindex | dedup xyz_application | sort xyz_application</query>
          <earliest>-60d</earliest>
          <latest>now</latest>
        </search>
      </input>

This searches for "Splunk" as default application or something else, when you specify another one.
You can then simply transfer this token into another panel search or so.

0 Karma
Reply