https://community.splunk.com/t5/Security/complex-conditional-search/m-p/710229#M18303 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/276009">@intosplunk</a>&nbsp;,</P><P>let me understand: how do you set variable1/2/3: using a dropdown or based on a condition inside the search?</P><P>If based on a dropdown, you can insert the different searches in the dropdown values.</P><P>If based on a condition, you should share your searches to understand how to build your complex search.</P><P>Ciao.</P><P>Giuseppe</P> Thu, 30 Jan 2025 07:54:05 GMT gcusello 2025-01-30T07:54:05Z https://community.splunk.com/t5/Security/complex-conditional-search/m-p/710228#M18302 <P><SPAN>Hey Splunkers,&nbsp;</SPAN><BR /><SPAN>I'm trying to create a conditional search that will run on the same index but will have different search terms according to a variable I have that can have one of three values.</SPAN><BR /><SPAN>It is supposed to be something like that:</SPAN><BR /><SPAN>index = my_index</SPAN><BR /><SPAN>variable = 1/2/3</SPAN><BR /><SPAN>if variable=1 then run search1</SPAN><BR /><SPAN>if&nbsp;variable=2 then run search2</SPAN><BR /><SPAN>if&nbsp;variable=3 then run search3</SPAN><BR /><BR /><SPAN>i tried multiple ways but they didn't work so im trying to get some help here</SPAN><span class="lia-unicode-emoji" title=":grimacing_face:">😬</span><BR /><BR /></P> Thu, 30 Jan 2025 07:49:39 GMT https://community.splunk.com/t5/Security/complex-conditional-search/m-p/710228#M18302 intosplunk 2025-01-30T07:49:39Z https://community.splunk.com/t5/Security/complex-conditional-search/m-p/710229#M18303 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/276009">@intosplunk</a>&nbsp;,</P><P>let me understand: how do you set variable1/2/3: using a dropdown or based on a condition inside the search?</P><P>If based on a dropdown, you can insert the different searches in the dropdown values.</P><P>If based on a condition, you should share your searches to understand how to build your complex search.</P><P>Ciao.</P><P>Giuseppe</P> Thu, 30 Jan 2025 07:54:05 GMT https://community.splunk.com/t5/Security/complex-conditional-search/m-p/710229#M18303 gcusello 2025-01-30T07:54:05Z https://community.splunk.com/t5/Security/complex-conditional-search/m-p/710232#M18304 <P>i just tried doing it in a dashboad&nbsp;<SPAN>and insert the different searches in a dropdown values and used the token after a search and it worked. thank you very much.</SPAN></P> Thu, 30 Jan 2025 08:08:07 GMT https://community.splunk.com/t5/Security/complex-conditional-search/m-p/710232#M18304 intosplunk 2025-01-30T08:08:07Z