×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
phajjar
New Member
Member since: ‎07-22-2018
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-22-2018
Activity Feed
View All

Re: How do I get the value for the fieldSelect tok...

by in Dashboards & Visualizations
‎07-23-2018 06:11 AM
‎07-23-2018 06:11 AM
That worked! Thanks. ... View more

Re: How do I get the value for the fieldSelect tok...

by in Dashboards & Visualizations
‎07-23-2018 06:10 AM
‎07-23-2018 06:10 AM
That worked. Thanks! ... View more

How do I get the value for the fieldSelect token u...

by in Dashboards & Visualizations
‎07-22-2018 12:44 PM
‎07-22-2018 12:44 PM
This is my first attempt at "Splunking" and I have code similar to the following: <panel> <input type='dropdown' token='fieldSelect' searchWhenChanged='true'> <label>Field:</label> <choice value='option 1'>Option 1</choice> <choice value='option 2'>Option 2</choice> <choice value='option 3'>Option 3</choice> </input> <chart> <search> <query>index="renamedIndex" sourcetype="renamedSourceType" renamedFirstField!="{}" | eval renamedSecondField = if (renamedSecondField="3", "A-Type", if(renamedSecondField="4", "A-Type", if(renamedSecondField="5", "A-Type", if(renamedSecondField="6", "A-Type", if (renamedSecondField="7", "A-Type", if(renamedSecondField="8", "A-Type", if(renamedSecondField="9", "A-Type", if(renamedSecondField="10", "A-Type", if(renamedSecondField="2", "B-Type", if (renamedSecondField="1", "C-Type",null)))))))))) | rename name AS "Cute_Field_Name"| fields firstColumnField secondColumnField thirdColumnField fourthColumnField fifthColumnField sixthColumnField renamedSecondField Threat_Name | chart count by $fieldSelect$</query> </search> <drilldown target='target1'> <set token="renamedSecondField">$renamedSecondField$</set> <set token="firstColumnField">$firstColumnField$</set> <set token="secondColumnField">$secondColumnField$</set> <set token="thirdColumnField">$thirdColumnField$</set> <set token=" fifthColumnField">$fifthColumnField$</set> </drilldown> </chart> <table id='target1' depends='$renamedSecondField$, $firstColumnField$, $secondColumnField$, $thirdColumnField$, $fifthColumnField$' > <search> <query>index="renamedIndex" sourcetype="renamedSourceType" renamedFirstField!="{}" | eval renamedSecondField = if (renamedSecondField="3", "A-Type", if(renamedSecondField="4", "A-Type", if(renamedSecondField="5", "A-Type", if(renamedSecondField="6", "A-Type", if (renamedSecondField="7", "A-Type", if(renamedSecondField="8", "A-Type", if(renamedSecondField="9", "A-Type", if(renamedSecondField="10", "A-Type", if(renamedSecondField="2", "B-Type", if (renamedSecondField="1", "C-Type",null)))))))))) | rename name AS "Cute_Field_Name"| fields firstColumnField secondColumnField thirdColumnField fourthColumnField fifthColumnField sixthColumnField renamedSecondField Threat_Name | chart count by $fieldSelect$</query> </search> </table> </panel> For the query in the table, how do I get the value for the fieldSelect token up at the top to appear as a column in the output of the drilldown? I'd like to filter the results of the output based on that value. Thanks in advance for any help. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM