Re: Setting variable based on token value

anthonyb90 · ‎03-25-2022

I'm looking to set a variable (customerLabel) depending on whether the user selects "framework" or "team" from a dropdown list. The token set with the dropdown is $grouping-name$. Where am I going wrong as customerLabel is not being set with a value at all.

I've included a snippet of the code below:

| eval teamCustomerLabel=case(issueLabel="customer1", "Customer 1", issueLabel="customer2", "Customer 2", issueLabel="customer3", "Customer 3", issueLabel="customer4", "Customer 4", issueLabel="customer5", "Customer 5", issueLabel="customer6", "Customer 6")

| eval frameworkCustomerLabel=case(issueLabel="customer1", "Group 1", issueLabel="customer2", "Group 1", issueLabel="customer3", "Group 2", issueLabel="customer4", "Group 2", issueLabel="customer5", "Group 3", issueLabel="customer6", "Group 3")

| eval customerLabel=case("$grouping-name$"=="framework", frameworkCustomerLabel, "$grouping-name$"=="team", teamCustomerLabel)

| chart count(key) as "Created" over _time by customerLabel where top 50

ITWhisperer · ‎03-25-2022

Set the values in your dropdown

<option value="frameworkCustomerLabel">framework</option>
<option value="teamCustomerLabel">team</option>

and use the token in the search

| eval teamCustomerLabel=case(issueLabel="customer1", "Customer 1", issueLabel="customer2", "Customer 2", issueLabel="customer3", "Customer 3", issueLabel="customer4", "Customer 4", issueLabel="customer5", "Customer 5", issueLabel="customer6", "Customer 6")

| eval frameworkCustomerLabel=case(issueLabel="customer1", "Group 1", issueLabel="customer2", "Group 1", issueLabel="customer3", "Group 2", issueLabel="customer4", "Group 2", issueLabel="customer5", "Group 3", issueLabel="customer6", "Group 3")

| chart count(key) as "Created" over _time by $grouping-name$ where top 50

How to set variable based on token value

chart

eval

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!