Solved: Can I set individual tokens for both the fieldForV...

wcooper003 · ‎06-01-2017

I want to have a token for both the form input value and label fields which differ (fieldForValue, fieldForLabel), is it possible to do this? Or is there a way to access the label from a token (e.g., $token.label$ which I realize doesn't work, but similar to $time.earliest$)?

Here's what I'm doing manually right now, but I don't want to have to have to add new conditions every time I update the lookup, which will grow quickly.

    <input type="dropdown" token="service">
      <label>Select a Service:</label>
      <fieldForLabel>Domains</fieldForLabel>
      <fieldForValue>AFFECTED_ITEM_STRING</fieldForValue>
      <search>
        <query>| inputlookup domain_report.csv | table *</query>
      </search>
      <initialValue>*aura*</initialValue>
       <change>
         <condition label="Service1">
           <set token="service_nm">Service1</set>
         </condition>
         <condition label="Service2">
           <set token="service_nm">Service2</set>
         </condition>
       </change>
    </input>

Thanks

alacercogitatus · ‎06-01-2017

Yes! The exact thing you want is here: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens#Access_labels_and_values_of_form_input...

<change>
    <set token="service_nm">$label$</set>
    <set token="service_val">$value$</set>
</change>

View solution in original post

alacercogitatus · ‎06-01-2017

Yes! The exact thing you want is here: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens#Access_labels_and_values_of_form_input...

<change>
    <set token="service_nm">$label$</set>
    <set token="service_val">$value$</set>
</change>

wcooper003 · ‎06-01-2017

Excellent thank you!

Can I set individual tokens for both the fieldForValue and fieldForLabel?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms