Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Mutliselect dropdown

anooshac
Communicator
‎11-21-2023 09:55 PM

Hi all,

I have 2 multiselect dropdowns. One is dependent on other dropdown.

The first drop down has groups and second has sub groups. I am facing some problem in appending the subgroup value to the respective group.

For example, lets assume that group has values a b c and only c has subgroup that is x ,y. I want to append that subgroup as c_x and c_y and pass it to the query.

I tried adding suffix in dropdown itself. But when the tokens are selected in any order it is adding the sub group to whole token, that is if i select b,c,a it will add subgroup as b,c,a_x and b,c,a_y.

 

Any suggestions on how can i correctly append the sub group to respective groups and use it in the query.

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-21-2023 11:42 PM

Hi @anooshac ,

you can use in the first multivalue the following search:

| makeresults
| eval group="a"
| append [| makeresults | eval group="b"]
| append [| makeresults | eval group="c", subgroup="x"]
| append [| makeresults | eval group="c", subgroup="y"]
| dedup group
| sort group
| table group

and in the second multivalue the following search:

| makeresults
| eval group="a"
| append [| makeresults | eval group="b"]
| append [| makeresults | eval group="c", subgroup="x"]
| append [| makeresults | eval group="c", subgroup="y"]
| table group subgroup
| search group=$group$
| eval value=group.if(isnotnull(subgroup),"_".subgroup,"")

then you can use the second value in your panels.

Obviously thgis is a sample to adapt to your search.

Ciao.

Giuseppe

 

0 Karma
Reply

anooshac
Communicator
‎11-22-2023 02:38 AM

Hi, @gcusello ,

 

Thanks for the reply. I have one concern, in the mutliselect dropdown the values selected will be a,b,c or b,c,a etc which will be comma separated.

In such conditions will this logic will work?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-22-2023 06:05 AM

Hi @anooshac,

my sample is a sample without any logic except the one you described.

So the order of values isn't relevant and can also be different.

If you have many values, I hint to use a lookup.

Ciao.

Giuseppe

0 Karma
Reply

anooshac
Communicator
‎01-11-2024 12:49 AM

Thank you @gcusello , I'll try using lookup.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-11-2024 02:10 AM

Hi @anooshac ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...