Dashboards & Visualizations

Need help with delimiters in multiselect input option to get desired output in my query

Mrig342
Contributor

Hi All,

I have a query to get the result of the list of filesystems and their respective disk usage details as below:

File_System  Total in GB   Used in GB   Available in GB   Disk_Usage in %
/var                   10                    9.2                   0.8                           92
/opt                   10                    8.1                   1.9                          81
/logs                 10                    8.7                   1.3                          87
/apps                10                    8.4                   1.6                          84
/pcvs                10                    9.4                    0.6                         94

I need to create a multiselect option with the disk usage values to get the above table for a range of values. For e.g. If I select 80 in the multiselect it will show the table with values of disk usage in the range 76-80, then if I select 80 & 90 in the multiselect it will show the table with values of disk usage in the range 76-80 & 86-90 and so on. I created the multiselect with token as "DU" and created the search query for the table as:

.... | where ((Disk_Usage<=$DU$ AND Disk_Usage>($DU$-5)) OR (Disk_Usage<=$DU$ AND Disk_Usage>($DU$-5)))
| table File_System,Total,Used,Available,Disk_Usage
| rename Total as "Total in GB" Used as "Used in GB" Available as "Available in GB" Disk_Usage as "Disk_Usage in %"

With the above query I am able to get the results when I run a search with two different values (e.g. 100 & 65) for $DU$ in (Disk_Usage<=$DU$ AND Disk_Usage>($DU$-5)). But with this query I am not able to get the table in the dashboard when I am using multiple values. Please help me with the delimiter to be added or help create a query so that upon selecting multiple options in multiselect will give the table for a range of disk usage values.

Labels (1)
0 Karma

Mrig342
Contributor

Can anyone please guide me..?

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...