Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Creating "Custom groups" and using them in a filter

andreafebbo
Communicator
‎01-13-2017 03:25 AM

I would like to do on splunk something similar to what in microstrategy is colled custom groups.

I'll try to explain it as simply as I can.

I have a field i use in a multiple selection filters.

ex: colours - yellow red white black blue etc...

This list of colours is VERY long, so it's quite uncomfortable for the users select in the multiple selection filters which colours he needs.

so id like to create a group of colours called "beauty" in which I specify which colour is beautiful e which is not.

ex:
beautiful colours: red blue green
ugly colours: all others

I'd like to do this outside of the single dashboard so i can use this for filtering in many dashboards.

Before reinventing the wheel I wanted to be sure there are not known solutions.

If there are not which ones you suggest.

Thanks a lot.

Reply
1 Solution
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎01-13-2017 04:34 AM

you can create a tag for this. then you can create a token in the dashboard for the tag

https://docs.splunk.com/Documentation/Splunk/6.5.1/Knowledge/Defineandusetags

but with multiple colors per tag, you might want to create an event type first and assign that event type to the tag

http://docs.splunk.com/Documentation/Splunk/6.5.1/Knowledge/Defineeventtypes#Save_a_search_as_a_new_...

View solution in original post

Reply
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎01-13-2017 04:34 AM

you can create a tag for this. then you can create a token in the dashboard for the tag

https://docs.splunk.com/Documentation/Splunk/6.5.1/Knowledge/Defineandusetags

but with multiple colors per tag, you might want to create an event type first and assign that event type to the tag

http://docs.splunk.com/Documentation/Splunk/6.5.1/Knowledge/Defineeventtypes#Save_a_search_as_a_new_...

Reply
Solved! Jump to solution

cmerriman
Super Champion
‎01-13-2017 04:43 AM

as a for instance, you could have an eventtype called beauty, the search string would just be color=Red OR color=Blue OR color=Green Tag(s) could be called beauty. save that off. then create a tag by tag name. tag name could be called beauty and field value pair would be eventtype=beauty

Reply
Solved! Jump to solution

andreafebbo
Communicator
‎01-16-2017 03:26 AM

I solved everything with an eventype.
Thank you!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...