Solved: Re: How to unset an input token when value isn't t...

vshakur · ‎08-16-2017

I have the following xml code:

   <change>
        <condition value="default_value">
           <unset token="some_token"></unset>
        </condition>
   </change>

I would like to unset some_token only when value DOESN'T equal "default_value".
I tried: condition value!="default_value" but it doesn't work and I get an error.

Thank you,
Samuel

sbbadri · ‎08-16-2017

try this

Check below link,
https://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Viz/tokens

View solution in original post

sbbadri · ‎08-16-2017

try this

Check below link,
https://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Viz/tokens

vshakur · ‎08-16-2017

It seems to be the right direction.
I just don't understand what should be the fieldname.
Should it be $current_token$? or a field from the input's search query?

sbbadri · ‎08-16-2017

You need to use field from query. You haven't posted previous lines above change tag. So that i have mentioned as fieldname

vshakur · ‎08-16-2017

Great, thanks!

How to unset an input token when value isn't the default

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

How to unset an input token when value isn't the default

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!