All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Passing a field as a variable array

thomasneat
Engager
‎03-25-2019 08:14 AM

I am trying to recreate a report from MS Access in Splunk - basically in order to move away from Access completely.

I am using db connect to search various databases and I have my searches correct but I cannot figure out how to pass the fields I am getting to create a whole new dashboard panel.

I hope this illustrates what I am attempting (and who knows, maybe there's an add-on to help with this I am unaware of?).

[time picker]
Search1 Fields from db1:
[date/time(based on time picker)][Location][Total1]
Search2 Fields from db2:
[date/time(based on time picker)][Location][Total2]
Search3 Fields from db3:
[date/time(based on time picker)][Location][Total3]

Need to have a new dashboard based on these quantities...
New Dashboard:
[date/time(based on time picker][Location(should match from all 3 searches)][Difference in totals]

Tokens seem to require specific values and I am not sure how mapping would work here.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...
Top