Solved: Dropdown wildcard

dbcase · ‎02-14-2017

Hi,

I have a dropdown that lists individual values (example, 1,2,3,4,5) with a token num. The query looks like this

index=blah numberfield="$num$"

And that works just fine

What I'd like to do is to be able to select ALL values (i.e. ). The dropdown would now have values of *,1,2,3,4,5). Easy enough. The question is how do I structure the query? By using the one above I get no matches because the numberfield is never = "".

Help?

dbcase · ‎02-14-2017

Found it!

Change the * to %

then use the like command

search|where like(numberfield,"$num$")

View solution in original post

dbcase · ‎02-14-2017

Found it!

Change the * to %

then use the like command

search|where like(numberfield,"$num$")

dbcase · ‎02-14-2017

well darn it, the asterisk did show. The last sentence is supposed to read like this

What I'd like to do is to be able to select ALL values (i.e. *). The dropdown would now have values of *,1,2,3,4,5). Easy enough. The question is how do I structure the query? By using the one above I get no matches because the numberfield is never = "*".

Dropdown wildcard

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability