This is the View which I created with a form which contains a dropdown to list department names. All the hosts are tagged with the Dept Names, e.g. ACC, CORP, FIN. There are about 1500 hosts.
<form>
  <label>Log Sources that are reporting</label>
  <searchTemplate>| metadata type=hosts | fields + host, firstTime, lastTime,totalCount | convert ctime(firstTime) | convert ctime(lastTime) | sort - host | TAGS | search tag::host=$bussiness$ </searchTemplate>
  <earliestTime>-7d</earliestTime>
  <fieldset>
    <input type="dropdown" token="bussiness">
      <label>Select Business</label>
      <choice value="CORP">Corporate</choice>
      <choice value="ACC">Accounts</choice>
      <choice value="Fin">Finance</choice>
    </input>
  </fieldset>
  <row>
    <!-- output the results as a 50 row events table -->
    <table>
      <title>Matching events</title>
      <option name="count">50</option>
    </table>
  </row>
</form>
After I submit the form after selecting CORP from the dropdown option, I do not get any results. However, when I click on the view results button, I see that the query has "None" inserted in it.
| metadata type=hosts | fields + host, firstTime, lastTime,totalCount | convert ctime(firstTime) | convert ctime(lastTime) | sort - host | TAGS None | search tag::host=CORP
Could someone help me out with this one, as this is urgent?
In your search | sort - host | TAGS | search tag::host=$bussiness$ have you tried adding the word host to TAGS?
| sort - host | tags host | search tag::host=$bussiness$
Travis.
Thanks. That worked.