Hello,
I will continue to search Answers for an answer.
Here's my issue.
I have a dashboard with numerous searches and sub-searches, as well as several tokens. I want to test each of the searches and sub-searches in the search * reporting app. What is the SPL to assign static values to these tokens so that I do not have to re-edit my SPL test these searches?
index="oit_linuxevents" AND source="ps"
AND earliest=$Selected_Time_Range.earliest$
AND latest=$Selected_Time_Range.latest$
AND host=$hostName_tok$
AND (USER=$userId_tok$
OR (USER="root" AND "*$userId_tok$*"))
Rather than having to replace all the tokens with static values, I'm looking for commands to assign those values. Then I can reuse for them for each search and sub-search.
For example, something like
after my above SPL...
| eval $hostName_tok$ = "server1"
| eval $userId_tok$="user1"
etc....
Thanks is advance for your help.
God bless,
Genesius
↧