Spread our blog

Splunk Dashboard Child Elements: Eval

In Splunk, there are a number of child elements available. Splunk dashboard generally contains multiple parent and child tags to build an XML. Where <dashboard> or <form> is the root element. Today we will discuss <eval> tag child elements. For example, we can use a child element <panel> under a parent element <row> to build multiple panes within one row.

These are the parent elements where <eval> tag can be used.

<drilldown><condition>
<search><condition>
<change><condition>

Example and Format:

<drilldown>
  <eval token="[token_name]"></eval>
</drilldown>

<drilldown>
  <condition>
    <eval token="[token_name]"></eval>
</condition>
</drilldown>

<change>
  <eval token="[token_name]"></eval>
</change>

<change>
  <condition>
    <eval token="[token_name]"></eval>
 </condition>
</change>

<search>
  <condition>
    <eval token="[token_name]"></eval>
  </condition>
</search>
<search>
  <eval token="[token_name]"></eval>
</search>

Example and format:

Eval tag can be used to execute an eval operation and save that result in a token, which we can use in our later phases. It is pretty similar to the SPL eval command in some places.

Example:

Here we have a text input from lines 4 to 11 and I have a single value panel from lines 14 to 23.

From lines 7 to 10 I created a change tag which is the parent tag for <eval> child elements here. Within that, I set a token “newone” which is nothing but value coming from the text input that’s why I have used the same token there. After that at line number 9, I have used a <eval>, where I applied a case function that is pretty much the same as the normal SPL eval case function. There I stated that if the text input value is “*” then it should carry “all values” otherwise it should carry “else should be printed here”. Then within the single value viz I added the token coming from the eval tag.

You can also know about :  Splunk Is Giving Tough Competition To Other Giants And How

Then Dashboard will look like this.

Here I have used the eval tag within the <input> you can use within the <drilldown> also.

Take a look at this blog below to check how we can pass the <eval> tag within a <drilldown>.

Example: How to Pass Other Value from a Single Value Trellis Visualization?

Also, I mentioned a few classic use cases of the <eval> tag.

Example: Dynamically Panel Title Change Using Drill-down In Splunk

Example: How to Change Panel Title Using Time Range Picker Dynamically Or In Human Readable Format

I hope you have enjoyed this blog “Splunk Dashboard Child Elements: Eval“, see you all on to the next one.

Happy Splunking!!

What’s your Reaction?
+1
+1
1
+1
1
+1
+1
2
+1
+1

Spread our blog

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here