Hi @gcusello 

Thank you for your reply.

I don't need any Button. On selecting a row on Panel1, all the required tokens will be passed to Panel2.

My requirement is to validate the tokens on Panel2,.

1) if tokens values are passed the validation then I need to save the data to Splunk Index. 

2) if validation fails, then the data should not be saved on Splunk Index.

Hi @potnuru,

how do you think to validate the results?

the easiest way is a button.

Otherwise, you could create another drilldown in an hidden panel containing the collect command.

It isn't a clear way to work for the users: if OK click on a row if it isn't OK no click?

Ciao.

Giuseppe

@gcusello  if OK click on a row if it isn't OK no click?--> This won't work for me. Because every time user have to click on a row in Dashboard Panel1 and he could see the results in Panel2.

Panel2 Output might be like this:

1) Data is validated successfully and saved to Index.

2) Data validation is failed.

Here validation is simple one, like if the tokens matches with certain parameters (Example: Ticket_Status="Approved")

Hi @potnuru,

obviously my hint are two buttons: OK and Exit, the first confirm operation and runs the search with collect, the second one closes the dashboard or clean the search token.

Ciao.

Giuseppe

Hi @gcusello 

Looks like good solution to my requirement. Thank you.

Could you please help me on how to clear search tokens in a Dashboard with more than 2 panels and all are getting tokens from previous panels?

Example: There are 4 panels,

Panel2 gets tokens from Panel1. (click on Panel1)

Panel3 gets tokens from Panel2. (click on Panel2)

Panel4 gets tokens from Panel3. (click on Panel3)

If user clicks on panel1 row then I need to clear all the tokens on Panels 2,3,4 which are assigned previously.

Hi @potnuru,

see here to find how to reset tokens.

https://community.splunk.com/t5/Getting-Data-In/Reusable-Script-Reset-All-Tokens-with-a-Single-Click...

Ciao.

Giuseppe

P.S.: if this answer solves your need, please accept it for the other people of Community and Karma Points are appreciated by all contributors 😉

Hi @richgalloway ,

Thank you for your answer.

I know that my requirement is directly not possible as SPL is not procedural language.

But are there any alternatives/ tricks, I mean indirect way to make it possible ?

If there was a general way to do so then I would have said so.  Whether or not there's a trick to accomplish your specific goal is impossible to say given the information provided.

@richgalloway 

My requirement is just to skip few lines of SPL query if a certain condition is met.

So is there any possibility to skip few lines or jump to a specific part of SPL based on condition ?

Exact Requirement:

I have two panels in my Dashboard. In First Panel, we have data for different tickets/sessions which will be passed to panel 2 on selection.

In Panel2, we have to validate certain parameters and if all ok then save the data to Splunk index (using collect command) and show success message otherwise throw error message on to panel2.

Splunk 8.1 has the new require command that can abort a query if zero results were found at that point.  I don't know if that helps.  I don't know of any other way to skip parts of a query.