Splunk Search

can if , then only be used inside of a search string (w/eval)

ringbbg
Engager

can [if , then ] only be used inside of a search string (w/eval) ?
im asking coz i have a dual drop down setup. The first dropdown has 4 options.
While the second dropdown only has 1 value, w/c will display as "ALL".
HOwever, the value of this "ALL" will depend on the choice in the first dropdown.

Tags (1)
0 Karma

lguinn2
Legend

In your XML, you can set tokens that would redefine the meaning of "ALL" based on the other choices. But there might be an even easier way to do what you want. As @DalJeanis suggested, it would be helpful to see more about what you want to do. I would like to see the field set part of your XML, plus the searches you want to run, and a description of the variants.

But if you want to figure it out for yourself, then I recommend these resources:

  1. In the Dashboards and Visualizations manual, there is a section on Token Usage in Dashboards. I believe this covers what you are trying to do.
  2. I find the manual a bit abstract, although it does have examples. So I also recommend that you install the Splunk 6.x Dashboard Examples app.
0 Karma

DalJeanis
Legend

The context is unclear. If you post a chunk of code of what you are trying to do, and how you have it now, then we might be sable to get you closer.

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...