Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to use radio buttons to select a range of results/values?

jkcadaing
New Member
‎02-28-2019 07:29 AM

Good morning Splunkers!

I need help sorting through a list of MAC Addresses. I have a dashboard that lists them in a drilldown table. I have some list of 900 MAC Addresses and using the command below helps me pass the search results to another instance of Splunk to insert them into a search.

However, I am getting 414 errors for the URI being too long if there are more than 120 MAC Addresses used.

| eval MAC_UNIT=replace(MacAddress, "(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})", "\1:\2:\3:\4:\5:\6") 
| fields MAC_UNIT 
| format

My question: is there a way to select a range of values/results? I'd like to use radio buttons to select results 0-100, 101-200, 201-300, etc.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

integratorz
Path Finder
‎02-28-2019 09:43 AM

You could use a search command like accum to number the lines and allow you to further your search.

For example:

your search... | eval number=1 | accum number | where number < 100 AND number > 0

This should look like this

1 MAC1
2 MAC2
3 MAC3
...
900 MAC900

This allows you to pick which range you want to send over and ensure its less than 120.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

lakshman239
Influencer
‎02-28-2019 10:07 AM

In the dashboard, you would probably want to create a radio button (to simulate range of MAC's using patterns of mac address). Alternatively, if you can have them in a lookuptable with macaddress, id , where id is from 1 to 900 and macaddress is your macaddr. In the drill-down you can look for macaddress from id=1 to id<99 etc..

0 Karma
Reply
Solved! Jump to solution
Solution

integratorz
Path Finder
‎02-28-2019 09:43 AM

You could use a search command like accum to number the lines and allow you to further your search.

For example:

your search... | eval number=1 | accum number | where number < 100 AND number > 0

This should look like this

1 MAC1
2 MAC2
3 MAC3
...
900 MAC900

This allows you to pick which range you want to send over and ensure its less than 120.

0 Karma
Reply
Solved! Jump to solution

jkcadaing
New Member
‎02-28-2019 11:16 AM

Sweet! This helps give them a unique number aka ID and I can use change conditions on the backend and play around with tokens to get the results I need! Thanks a bunch!

0 Karma
Reply
Solved! Jump to solution

integratorz
Path Finder
‎02-28-2019 11:22 AM

Any time @jkcadaing! Best of luck and Happy Splunking!

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...