| rest /services/authentication/users splunk_server=local
| search
[| rest /services/authentication/current-context
| rename username as title
| fields title]
| eval title=upper(title)
| lookup employeeinfo.csv RACF_ID as title output EMPLOYEE_FULL_NAME
| lookup rolesnames.csv "Delivery Manager" as EMPLOYEE_FULL_NAME output "Delivery Area" as area
| where EMPLOYEE_FULL_NAME="abcd"
| map
[| inputlookup EPerformanceData.csv
| search "Sub Division 6"="$area$"
| stats count by "Sub Division 5"
| eval "% Completed"=((Completed/'Total to be Complete')*100)
| eval "% Completed"=round('% Completed',2)
| rename "Sub Division 5" as "Business Area"]
This patch of code works well. Now my requirement is that I need to add one more inputlookup file, say dates.csv, which I need to use in this query like |inputlookup dates.csv |search Quarter=$quarter$
and here the $quarter$ value comes from the selected dropdown.
But wherever I try to include the above line of code, either I get an error or my previous tokens like area don't get the required value.
So please help me with the query.
Thanks
Try to use |inputlookup dates.csv where Quarter="$quarter$". The token value might be set to empty, and the replacement causes a syntax error in the query, so enclose the token value in double quotes.
Did you try to add the token's value in an eval and try to call it on your new inputlookup by eval?
Let me explain better. In my mind you are trying to do this: "| Join [|inputlookup dates.csv |search Quarter=$quarter$]". If your "$quarter$" did not work, try "| eval quarterValue="$quarter$"" and then "| Join [|inputlookup dates.csv |search Quarter=quarterValue]".