Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to replace the value of a field by a token value in an xml form?

stephane_cyrill
Builder
‎04-17-2015 07:33 AM

Hi everyone,

I have a field call status, and I have a drop-down with values: open, new, in progress.......

What i need is:

1) When the user chooses a value from the drop-down, the status on the dashboard changes to that value

2) Is it possible to keep track of the changing of the status? How?

This is what I've tried:

<form>
  <label>CHANGE STATUS</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="status_token" searchWhenChanged="true">
      <label>Change status</label>
      <choice value="new">new</choice>
      <default>new</default>
      <choice value="Open">Open</choice>
      <choice value="Closed">Closed</choice>
      <choice value="progress">in progress</choice>
    </input>
  </fieldset>
  <row>
    <panel>
      <title> </title>
      <table>
        <title>status is $status_token$</title>
        <search>
          <query>index=_* |eval status="change this status"|eval status=if($status_token$!="change this status",$status_token$ ,"change this status")| table host source status</query>
          <earliest>0</earliest>
          <latest></latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>
Tags (4)
Reply
1 Solution
Solved! Jump to solution
Solution

Raghav2384
Motivator
‎04-17-2015 09:17 AM

Not sure if i understand your question, if you want the search to include user selection, since you have status as a token

How about adding status="$status_token$" to your search?

Example let's say user selected status = in progress from the drop-down.
index=_* status="$status_token$"|...... would read
index=_* status="in progress"|....

Hope this helps.
Thanks,
Raghav

View solution in original post

Reply
Solved! Jump to solution
Solution

Raghav2384
Motivator
‎04-17-2015 09:17 AM

Not sure if i understand your question, if you want the search to include user selection, since you have status as a token

How about adding status="$status_token$" to your search?

Example let's say user selected status = in progress from the drop-down.
index=_* status="$status_token$"|...... would read
index=_* status="in progress"|....

Hope this helps.
Thanks,
Raghav

Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎04-17-2015 10:11 AM

THanks Raghav2384

very much I try the quote on the token an it is working: status="$status_token$"

Reply
Solved! Jump to solution

Raghav2384
Motivator
‎04-17-2015 10:13 AM

Please feel free to accept it as an answer 🙂

Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎04-17-2015 10:23 AM

I"m not seeing the link to accept but I voted.

0 Karma
Reply
Solved! Jump to solution

Raghav2384
Motivator
‎04-17-2015 10:23 AM

there you go 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...