Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Is it possible to produce a dynamic search using t...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to produce a dynamic search using token generated fields?
ryantodd
Engager
12-26-2016
07:40 AM
Hi there, is it possible to search using fields generated by token?
For example, I have a couple of fields:
1. roomtemp_apple_qty
2. chilled_apple_qty
3. roomtemp_orange_qty
4. chilled_orange_qty
I wish to be able to pass a $fruit$ token from my drop-down input in a dashboard and do something like this.
sourcetype=fruit_store | eval roomTempFieldName = "roomTemp" + $fruit$ + "_qty" | eval chilledFieldName = "chilled_" $fruit$ + "_qty"| list avg(roomTempFieldName), avg(chilledFieldName)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
12-26-2016
12:21 PM
Did you try like this?
sourcetype=fruit_store | list avg("roomTemp$fruit$_qty" ), avg("chilled_$fruit$_qty")
OR
sourcetype=fruit_store | eval roomTempFieldName = [| gentimes start=-1 | eval search="roomTemp" + $fruit$ + "_qty" | table search] | eval chilledFieldName = [| gentimes start=-1 | eval search="chilled_" $fruit$ + "_qty" | table search] | list avg(roomTempFieldName), avg(chilledFieldName)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rjthibod
Champion
12-26-2016
08:49 AM
You can probably do what you ask in some way using the $value$ token in a dropdown (see http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens#Access_labels_and_values_of_form_input...), but it may be more trouble than its worth. Instead, you can use the conditional elements to do it like the following.
<form>
<fieldset submitButton="false">
<input type="dropdown" token="fruittype">
<label>Select a fruit type</label>
<choice value="apple">Apples</choice>
<choice value="orange">Oranges</choice>
<change>
<condition label="Apples">
<set token="roomtemp_field">roomtemp_apple_qty</set>
<set token="chilledtemp_field">chilled_apple_qty</set>
</condition>
<condition label="Oranges">
<set token="roomtemp_field">roomtemp_orange_qty</set>
<set token="chilledtemp_field">chilled_orange_qty</set>
</condition>
</change>
</input>
</fieldset>
<row>
<panel>
<table>
<search>
<query>sourcetype=fruit_store | stats avg($roomtemp_field$) avg($chilledtemp_field$)</query>
</search>
</table>
</panel>
</row>
</form>
Get Updates on the Splunk Community!
What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience
What’s New in Splunk Enterprise 9.4: Tools for Digital ResilienceTune in to What’s New in Splunk Enterprise ...
Get Schooled with Splunk Education: Explore Our Latest Courses
At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...
Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL
Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL
The Splunk AI Assistant for SPL ...
