I have created a form with a dropdown box and a textbox ..when a change a value in dropdown box my query should change.For example i have three queries like this
Query 1 : sourcetype="X" | somelogic | where cond = $search parameter $
Query 2 : sourcetype="Y" | somelogic | where cond = $search parameter $
Query 3 : sourcetype="Z" | somelogic | where cond = $search parameter $
where search parameter is the value given in the textbox.my requirement i have three values in the dropbox say A,B,C.if i select A Query1 should excute with the value given in the textbox as searchparameter..How can i do this..
Please help me on this..
actually i dnt have any code ..i have the queries ready ..and need to implement in this way..checked all the examples in the splunkbase but couldnt get any solution.
You could probably use a subsearch to choose sourcetype like this:
* [search * | head 1 | eval sourcetype=case(cond=$paramvalue1$,"X",cond=$paramvalue2$,"Y",cond=$paramvalue3$,"Z") | fields sourcetype] | somelogic | where cond=$paramvalue$