I have a dashboard where the token CgClassUserId is being populated from a dropdown, and then other tokens (like CgClass) are being evaluated subsequently. I want to set a token s_class to be true if CgClass == 'S' and unset it if not. I am currently attempting this by having a change and condition match block of code after evaluating tokens like CgClass. However, with the addition of this code, when I change the CgClassUserId token, the subsequent eval tokens like CgClass are no longer changing as well. <input type="dropdown" token="CgClassUserId" searchWhenChanged="true"> <label>Application</label> <fieldForLabel>Application</fieldForLabel> <fieldForValue>CgClassUserId</fieldForValue> <search> <query>| inputlookup ActivCgApplicationLookup.csv | eval CgClassUserId=CgClass.UserId | sort +Application</query> <earliest>0</earliest> <latest></latest> </search> <change> <!-- Use predefined input token $label$ to set Application token to selected label --> <set token="Application">$label$</set> <!-- Extract CgClass and UserId values from combined CgClassUserId for selected Application --> <eval token="CgClass">substr($CgClassUserId$,1,1)</eval> <eval token="CgClassClause">"host=\"*-".lower($CgClass$)."-*\""</eval> <eval token="UserId">substr($CgClassUserId$,2)</eval> </change> <change> <condition match="$CgClass$ != &quot;S&quot;"> <unset token="s_class"></unset> <unset token="form.s_class"></unset> </condition> <condition match="$CgClass$ == &quot;S&quot;"> <set token="s_class">true</set> </condition> </change> </input> ... View more

Is there a way to get fillnull to work over all entries up until a certain time? Right now, I'm evaluating a field in a subsearch with earliest=@d, latest=now and then working with the field outside of the subsearch. I want fillnull to work on that field up until now, but when I put "| fillnull value=0 field" at the end of the subsearch, it's not working. When I put that statement outside of the subsearch, fillnull is working over all times, not until now. ... View more