Splunk Search

Spl query is not working

jaibalaraman
Path Finder

Hi Team 

Could you please advice why the below query is not showing any data 

" `secrpt-active-users($select321$)`"

 

Thanks 

Labels (4)
0 Karma

jaibalaraman
Path Finder

When i navigate to check the token, i find the below 

jaibalaraman_1-1724289064147.png

 

However i am not sure , is token existing or do i need to create new one. 
1 - If i want to create a new token how should i map the spl query to this token ??

0 Karma

bowesmana
SplunkTrust
SplunkTrust

Those are different tokens.

Things in your SPL that have $xxx$ are dashboard tokens and are set by logic in the dashboard, either through an input or through some drilldown.

0 Karma

jaibalaraman
Path Finder

When i am trying to expand the macro, i am getting the below error message 

jaibalaraman_0-1724288994815.png

 

0 Karma

bowesmana
SplunkTrust
SplunkTrust

Is your problem from a search in a dashboard or a raw search in the search bar?

I suspect this is two issues - the first dashboard issue is a token issue and this is missing the ldapfilter command.

Is this your dashboard - if you do not have access to the ldapfilter command then even if you fix the token you make not get your search working.

0 Karma

jaibalaraman
Path Finder

Problem from dashboard, this dashboard comes with default package of ITSI which i am trying to do reverse engineering fixing the dashboard

How do i fix this issue 

jaibalaraman_0-1724297166253.png

 

What is ldapfilter command ? and how do i fix the token issue

 

 

0 Karma

jaibalaraman
Path Finder

Sorry the "" its my post 

0 Karma

bowesmana
SplunkTrust
SplunkTrust

If this is in a dashboard, then that $select321$ looks to be a token and if that token has not been set you will get the message you are seeing.

On a separate point, are the double quotes surrounding the SPL or is that your post? Because it looks like it is a macro, but if the double quotes are really surrounding the macro, then it's not a macro, but a string.

Anyway, the token is your problem.

0 Karma

jaibalaraman
Path Finder

jaibalaraman_0-1724280699333.png

 

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...