Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Using Drilldown to search for a value in a look up to set a token

robertlynch2020
Motivator
‎07-27-2017 05:00 AM

Hi

I am trying to set a token from a drilldown.

I am able to to this, however the value that comes back is only for display, the real value is in a lookup table.

NICKNAME    Human_Name_Nickname
mx  MX_BASIC
smcrisk_engine  RISK_ENGINE
mxtraderepository_engine    MX_TRADE_REPO_ENGINE
smcobjectrepository_engine  SM_ENGINE
mxmlexchange_mxtaskxa   MXMLEXCHANGE
mxdealscanner_engine    DEAL_SCANNER
mx_cesar    CESAR
mx_marketdata_repository_engine MARKET_DATA
mxprocessingscript  PROCESSING_SCRIPT

So i need to take the value on the screen go to the look up and comeback with the real value.
I am trying to do this by taking $trellis.value$, putting it into a lookuptable and getting back the correct answer.

So for example, i display "MX_BASIC", i want to set the token to "mx" as this is the underlining value i need to pass into the token.

<drilldown>
          <!--set token="form.NICKNAME_TOKEN">$trellis.value$</set-->
          <set token="SINGLE_CLICK_NICKNAME">ON</set>
           <eval token="form.NICKNAME_TOKEN">| inputlookup  TEST_MXTIMING_NICKNAME.csv |  search Human_Name_Nickname = $trellis.value$ | fields - Human_Name_Nickname</eval>
        </drilldown>
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎07-27-2017 10:30 AM

@robertlynch2020, you can pass on the token from trellis drilldown to a search which can perform inputlookup to fetch the result and set the form variable through Search Event Handler.

Add the following new search to your dashboard (below description)

    <search>
      <query>| inputlookup  TEST_MXTIMING_NICKNAME.csv where Human_Name_Nickname = "$trellis.value$" | fields NICKNAME
      </query>
      <progress>
          <set token="form.NICKNAME_TOKEN">$result.NICKNAME$</set>
      </progress>
    </search>

Modify your Trellis drilldown code to pass on clicked value as token to the search.

    <drilldown>
       <set token="tokHumanNameNickName">$trellis.value$</set>
       <set token="SINGLE_CLICK_NICKNAME">ON</set>
    </drilldown>

PS: Use of eval to set token can only perform eval functions that too with some restrictions which you should check in Splunk Documentation: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens#Define_token_filtering_and_formatting

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎07-27-2017 10:30 AM

@robertlynch2020, you can pass on the token from trellis drilldown to a search which can perform inputlookup to fetch the result and set the form variable through Search Event Handler.

Add the following new search to your dashboard (below description)

    <search>
      <query>| inputlookup  TEST_MXTIMING_NICKNAME.csv where Human_Name_Nickname = "$trellis.value$" | fields NICKNAME
      </query>
      <progress>
          <set token="form.NICKNAME_TOKEN">$result.NICKNAME$</set>
      </progress>
    </search>

Modify your Trellis drilldown code to pass on clicked value as token to the search.

    <drilldown>
       <set token="tokHumanNameNickName">$trellis.value$</set>
       <set token="SINGLE_CLICK_NICKNAME">ON</set>
    </drilldown>

PS: Use of eval to set token can only perform eval functions that too with some restrictions which you should check in Splunk Documentation: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens#Define_token_filtering_and_formatting

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

robertlynch2020
Motivator
‎07-27-2017 03:59 PM

Cheers. Great stuff.

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...