can if , then only be used inside of a search stri...

ringbbg · ‎02-14-2017

can [if , then ] only be used inside of a search string (w/eval) ?
im asking coz i have a dual drop down setup. The first dropdown has 4 options.
While the second dropdown only has 1 value, w/c will display as "ALL".
HOwever, the value of this "ALL" will depend on the choice in the first dropdown.

lguinn2 · ‎02-15-2017

In your XML, you can set tokens that would redefine the meaning of "ALL" based on the other choices. But there might be an even easier way to do what you want. As @DalJeanis suggested, it would be helpful to see more about what you want to do. I would like to see the field set part of your XML, plus the searches you want to run, and a description of the variants.

But if you want to figure it out for yourself, then I recommend these resources:

In the Dashboards and Visualizations manual, there is a section on Token Usage in Dashboards. I believe this covers what you are trying to do.
I find the manual a bit abstract, although it does have examples. So I also recommend that you install the Splunk 6.x Dashboard Examples app.

DalJeanis · ‎02-15-2017

The context is unclear. If you post a chunk of code of what you are trying to do, and how you have it now, then we might be sable to get you closer.

can if , then only be used inside of a search string (w/eval)

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?