Form with a multi-value text box that will OR ever...

harish_ka · ‎06-13-2016

How to search multiple values in a text box, that should return results for all the input values.
For Ex, i have a textbox named Num in dashboard, now i can search only 1 input value,
How can i search multiple values, so that i can enter like 10,12,33 , which returns all 3 input results.
The textbox should accept the values like (Num=10 OR Num=12 OR Num=33)

gjones_splunk · ‎10-29-2019

Hi there,

Bit late in answering (but in case anyone has the same question) I had a bit of help from a colleague on this and it works a treat. Use this xml in a dashboard (against index=_internal) to get an idea of how it works.

Text Input Multi-value Filter

<input type="time" token="TimePicker">
  <label>Time Picker</label>
  <default>
    <earliest>-60m@m</earliest>
    <latest>now</latest>
  </default>
</input>
<input type="text" token="Text_Input">
  <label>Sourcetype text filter with "," separator. It also uses the rex command in the search so you don't have to worry about spaces.</label>
  <prefix>"</prefix>
  <suffix>"</suffix>
</input>


<panel>
  <title>Example of events dedup'd by sourcetype</title>
  <table>
    <search>
      <query>index=_internal

index=_internal
| stats values(sourcetype)
$TimePicker.earliest$
$TimePicker.latest$

none

sundareshr · ‎06-13-2016

https://answers.splunk.com/answers/127021/manipulate-a-token-string-in-a-form.html

Form with a multi-value text box that will OR every input values

See just what you’ve been missing | Observability tracks at Splunk University

Weezer at .conf25? Say it ain’t so!

How SC4S Makes Suricata Logs Ingestion Simple

Are you a member of the Splunk Community?

Form with a multi-value text box that will OR every input values

See just what you’ve been missing | Observability tracks at Splunk University

Weezer at .conf25? Say it ain’t so!

How SC4S Makes Suricata Logs Ingestion Simple