https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517284#M145445 <P>Hi guys,&nbsp;</P><P>I'm trying to create a saved search (instead of&nbsp; typing the same search command few times a day) , but there's a small "catch" in my search - I want to put multiple choice as one of the variables.&nbsp;</P><P>e.g. Long search:&nbsp;</P><P>index=console1(sourcetype=c1:agent OR sourcetype="c1:agent_registered") computerName="computer1 OR&nbsp;computer2 OR&nbsp;computer25&nbsp;<BR />| stats count by host</P><P>&nbsp;</P><P>I created a basic saved seach:&nbsp;index=console1(sourcetype=c1:agent OR sourcetype="c1:agent_registered") $computerName$<BR />| stats count by host&nbsp;</P><P>So my&nbsp;computerName can be different every time i need to check a new machine., but I can only one at a time... Is there a way to add that option to my saved search?</P> Tue, 01 Sep 2020 15:37:40 GMT klaudiac 2020-09-01T15:37:40Z https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517284#M145445 <P>Hi guys,&nbsp;</P><P>I'm trying to create a saved search (instead of&nbsp; typing the same search command few times a day) , but there's a small "catch" in my search - I want to put multiple choice as one of the variables.&nbsp;</P><P>e.g. Long search:&nbsp;</P><P>index=console1(sourcetype=c1:agent OR sourcetype="c1:agent_registered") computerName="computer1 OR&nbsp;computer2 OR&nbsp;computer25&nbsp;<BR />| stats count by host</P><P>&nbsp;</P><P>I created a basic saved seach:&nbsp;index=console1(sourcetype=c1:agent OR sourcetype="c1:agent_registered") $computerName$<BR />| stats count by host&nbsp;</P><P>So my&nbsp;computerName can be different every time i need to check a new machine., but I can only one at a time... Is there a way to add that option to my saved search?</P> Tue, 01 Sep 2020 15:37:40 GMT https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517284#M145445 klaudiac 2020-09-01T15:37:40Z https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517290#M145447 <P>Hello&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/223748">@klaudiac</a>&nbsp;, do you have the host list with you? Also, is it like a partcular time only a particular host needs to be searched? If so, does this change with time - ie, at 6 PM today Host XXX needs to be checked while at 6PM tomorrow Host YYY needs to be checked?</P><P>If its just simple search from a list of host which you have to begin with you can use :</P><P>&nbsp;</P><P><SPAN>index=console1(sourcetype=c1:agent OR sourcetype="c1:agent_registered") host IN (hostname1,hostname2..)</SPAN><BR /><SPAN>| stats count by host&nbsp;</SPAN></P> Tue, 01 Sep 2020 15:45:54 GMT https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517290#M145447 Nisha18789 2020-09-01T15:45:54Z https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517295#M145450 <P>Have you considered putting the search into a dashboard?&nbsp; Then you can have an input selector where you can choose the computers to include in the search.</P> Tue, 01 Sep 2020 15:56:35 GMT https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517295#M145450 richgalloway 2020-09-01T15:56:35Z https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517297#M145451 <P>Hey,&nbsp;</P><P>The list of the hosts depends on a day when we do the installations, so one day it can be 1 host, and another day I can have a list of 13 to check.&nbsp;</P><P>There's no set time frame so whenever I log in the morning I just set my time to last 30min or last 60min and run it then and see if they are active.&nbsp;</P> Tue, 01 Sep 2020 15:57:07 GMT https://community.splunk.com/t5/Splunk-Search/saved-search-multiple-values/m-p/517297#M145451 klaudiac 2020-09-01T15:57:07Z