How to reset token value on input change with a li...

notricky · ‎06-20-2020

I have a dashboard.

There are several inputs. One of them is a DateTime picker.

I wish on the open as well as on choosing a new date range to fill a token value (that is a token from drilldown) with a set of values (for example - a comma separated) which I would like to retrieve from a separate query. I mean a query is not binded to any of the dashboards or the base query.

This could be something like this:

<form>
  <fieldset submitButton="false">
    <input type="time" token="dateFilter">
      <label>By time</label>
      <default>
        <earliest>-7d@w0</earliest>
        <latest>@w0</latest>
      </default>
      <change>
        <set token="filial">
          <query>
            <search>
              index=fed-trash source=spok 
              |stats values(FILIAL_ID)
              |eval f = mvjoin(FILIAL_ID, ",")
            </search>
          </query>
        </set>
      </change>
    </input>
  </fieldset>

This is wrong ofcourse, but I hope this explains what I want.
Actually I want the produced result from a query above:

FILIAL_ID

1111

2222

3333

would be transformed to a string

1111,2222,3333

and be paste as if I set a token by this:

<change>
   <set token="filial">1111,2222,3333</set>
</change>

as I use token $filial$ further in my dashboad query at WHERE-clause like this

index=... source=...
|where FILIAL_ID IN ($filial$)
...

How to reset token value on input change with a list of values from search results

stats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!