Solved: Re: How to unset an input token when value isn't t...

vshakur · ‎08-16-2017

I have the following xml code:

   <change>
        <condition value="default_value">
           <unset token="some_token"></unset>
        </condition>
   </change>

I would like to unset some_token only when value DOESN'T equal "default_value".
I tried: condition value!="default_value" but it doesn't work and I get an error.

Thank you,
Samuel

sbbadri · ‎08-16-2017

try this

Check below link,
https://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Viz/tokens

View solution in original post

sbbadri · ‎08-16-2017

try this

Check below link,
https://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Viz/tokens

vshakur · ‎08-16-2017

It seems to be the right direction.
I just don't understand what should be the fieldname.
Should it be $current_token$? or a field from the input's search query?

sbbadri · ‎08-16-2017

You need to use field from query. You haven't posted previous lines above change tag. So that i have mentioned as fieldname

vshakur · ‎08-16-2017

Great, thanks!

How to unset an input token when value isn't the default

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Are you a member of the Splunk Community?

How to unset an input token when value isn't the default

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler