Is it possible to refer to a specific post-process...

sreegouthamredd · ‎02-06-2020

Is it possible to refer to a specific post-process search in you dashboard, by use of a token (input dropdown).

For instance, when having two post-process searches from a base search . I want to refer to either one of the post-process search by using a token in my a panel .

This however doesn't seem to work, see example below,

<form>
    <search id="BaseSearchQ">
       <query>SOME Base Search QUERY</query>
    </search>
      <search  base="BaseSearchQ" id="PostProcessQ1">
       <query>SOME Post Process QUERY1</query>
      </search>
      <search  base="BaseSearchQ" id="PostProcessQ2">
       <query>SOME Post Process QUERY2</query>
      </search>

      <row>
       <panel>
         <input type="dropdown" token="selectedtok" searchWhenChanged="true">
           <label>Service Provider</label>
             <choice value="PostProcessQ1">Windows</choice>
            <choice value="PostProcessQ2">Linux</choice>
         </input>
       <single>
        <title>TEST_FOO</title>
         <search base="$selectedOS$">
          <query>VISUALIZATION</query>
         </search>
      </panel>
    </row>
 ...

to4kawa · ‎02-06-2020

<form>
    <search id="BaseSearchQ">
    <query> 
| makeresults</query>
    </search>
    <search base="BaseSearchQ" id="PostProcessQ1">
    <query> 
| eval test1="1"</query>
    </search>
    <search base="BaseSearchQ" id="PostProcessQ2">
    <query> 
| eval test2="2"</query>
    </search>
    </search>
    <search base="BaseSearchQ" id="PostProcessQ2">
    <query> 
| eval test3="3"</query>
    </search>
    </search>
    <search base="BaseSearchQ" id="PostProcessQ2">
    <query> 
| eval test4="4"</query>
    </search>
    </search>
    <search base="BaseSearchQ" id="PostProcessQ2">
    <query> 
| eval test5="5"</query>
    </search>
    <row>
    <panel>
    <input type="dropdown" token="selectedOS" searchWhenChanged="true">
    <label>Service Provider</label>
    <choice value="PostProcessQ1">Windows</choice>
    <choice value="PostProcessQ2">Linux</choice>
    <choice value="PostProcessQ3">Linux</choice>
    <choice value="PostProcessQ4">Linux</choice>
    <choice value="PostProcessQ5">Linux</choice>
    <change>
    <condition value="PostProcessQ1">
    <set token="tokShowPanelA">true</set>
    <unset token="tokShowPanelB"></unset>
    <unset token="tokShowPanelC"></unset>
    <unset token="tokShowPanelD"></unset>
    <unset token="tokShowPanelE"></unset>
    </condition>
    <condition value="PostProcessQ2">
    <unset token="tokShowPanelA"></unset>
    <set token="tokShowPanelB">true</set>
    <unset token="tokShowPanelC"></unset>
    <unset token="tokShowPanelD"></unset>
    <unset token="tokShowPanelE"></unset>
    </condition>
    <condition value="PostProcessQ3">
    <unset token="tokShowPanelA"></unset>
    <unset token="tokShowPanelB"></unset>
    <set token="tokShowPanelC">true</set>
    <unset token="tokShowPanelD"></unset>
    <unset token="tokShowPanelE"></unset>
    </condition>
    <condition value="PostProcessQ4">
    <unset token="tokShowPanelA"></unset>
    <unset token="tokShowPanelB"></unset>
    <unset token="tokShowPanelC"></unset>
    <set token="tokShowPanelD">true</set>
    <unset token="tokShowPanelE"></unset>
    </condition>
    <condition value="PostProcessQ5">
    <unset token="tokShowPanelA"></unset>
    <unset token="tokShowPanelB"></unset>
    <unset token="tokShowPanelC"></unset>
    <unset token="tokShowPanelD"></unset>
    <set token="tokShowPanelE">true</set>
    </condition>
    </change>
    </input>
    <single depends="$tokShowPanelA$">
    <title>TEST_FOO</title>
    <search base="PostProcessQ1">
    <query>table _time *</query>
    </search>
    </single>
    <single depends="$tokShowPanelB$">
    <title>TEST_FOO</title>
    <search base="PostProcessQ2">
    <query>table _time *</query>
    </search>
    </single>
    <single depends="$tokShowPanelC$">
    <title>TEST_FOO</title>
    <search base="PostProcessQ3">
    <query>table _time *</query>
    </search>
    </single>
    <single depends="$tokShowPanelD$">
    <title>TEST_FOO</title>
    <search base="PostProcessQ4">
    <query>table _time *</query>
    </search>
    </single>
    <single depends="$tokShowPanelE$">
    <title>TEST_FOO</title>
    <search base="PostProcessQ5">
    <query>table _time *</query>
    </search>
    </single>
    </panel>
    </row>
    </form>

five is big. but it works.
Do you need the query optimization?

sreegouthamredd · ‎02-07-2020

This is a the normal approach .. the issue here is , we have about 5 drop-down options and each option will have 5 panels each that needs to refer its own post process search like

P11 , P12 .... P15 - PostProcessQ1
P21 , P22 .... P25 - PostProcessQ2
...
...
P51 , P52 .... P55 - PostProcessQ5

in future we would be adding more drop down options , so it would be tedious to code 5 panels each for every drop-down.

to4kawa · ‎02-07-2020

You are trying to do it in a panel, but what about linking other dashboards from the dashboard?
At least, you won't have to run multiple queries at startup.
my answer is updated 'five panel ver'. but, do you consider another way?

Is it possible to refer to a specific post-process search in you dashboard, by use of a token (input dropdown)?

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!