Usage of Token for eval function in dashboard quer...

bharathkumarnec · ‎03-15-2017

Hi All,

How to use tokens in the eval function when we write query in the dashboard:

I have a token with name "IN" and have to use in the query like below:

index=abc | stats count as count1| eval xyz=if(count1>=0,"$IN$",1)

OR

index=abc | stats count as count1 | eval xyz="$IN$"

Kindly help me out on this issue.

Regards,
BK

woodcock · ‎03-15-2017

You are doing it correctly; there must be some other problem.

somesoni2 · ‎03-15-2017

So you the syntax above are not working for you? What do you get when you use this?

bharathkumarnec · ‎03-15-2017

@somesoni2, thnx for the reply...I had some typo error in my query, as my original query is too big I could not identify it...Fixed the issue and results are seen as expected.

rjthibod · ‎03-15-2017

Then please close / delete this question since it was user error.

Usage of Token for eval function in dashboard query

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Usage of Token for eval function in dashboard query

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>