Re: Is there a way to display a different name in ...

sreelesh_n · ‎01-04-2016

Hi

I have a drop-down and Chart/List. The chart should show the event on the item selected from list.

Is there a way display the ProcessContext_ProjectName in the drop-down list removing Java, but while searching, it should use original string?
The replace function is working replace "Java*" with "*" IN ProcessContext_ProjectName, but while doing the search below on another chart from token_projectname2 , it should pick up from the original string including Java.
Right now, the chart is always giving a blank result if I do a filter by Replace.

<input type="dropdown" token="token_projectname2" searchWhenChanged="true">
      <search>
        <query>index=u2 sourcetype=jms_body_header_txt     | dedup   ProcessContext_ProjectName | table ProcessContext_ProjectName</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <fieldForLabel>ProcessContext_ProjectName</fieldForLabel>
      <fieldForValue>ProcessContext_ProjectName</fieldForValue>
    </input>

gyslainlatsa · ‎01-04-2016

hi sreelesh_n,

try to write like this: replace "Java *" WITH "*" IN ProcessContext_ProjectName

if that does not work, please me you post your entire code and then I can look at the problem.

sundareshr · ‎01-04-2016

The dropdown takes two parameters Name field and Value field. You could add a field for the name like | eval name_field=replace(ProcessContext_ProjectName, "Java*", "*") and then in the dropdown, use the name_field for the fieldForLabel and set value field as ProcessContext_ProjectName.

Is there a way to display a different name in a drop-down list, but use the original string value in the search using the chart replace function?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases