Hello there guys,
I'm trying to populate a token with the result of a search so I'm able to use this value at various other points of the Dashboard.
The search only has the field sourcetype at the end and it should populate the token "asas" with the sourcetype, based on the search result.
This search runs and I'm able to see that it have more than zero results, based on the Job monitor.
I'm using Splunk 6.2.2 and I was reading the "Search event handlers", but couldn't make it work.
The point is that this token never gets the data set into it, maybe you someone could help me?
**Dashboard code:**
index=oneshot | head 1 | fields sourcetype results.sourcetype true testeeeee $asas$
|
asasasas teste - $asas$ |
↧