Monitoring Splunk

How can i do dependent dropdown select

nithys
Path Finder

Hi Screenshot 2023-09-13 at 11.16.31 AM.png

Hi,
If i select "MM" ,How do i get entity associated(ie materia;,supplied material) to that particular domain...My second drop has static values which then fetch the results for 4 different queries parallely when i select from data entity.then later how do i perform multiselect option for (material and supplied material)

Labels (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @nithys,

if this solution works, good  for you: you solved your issue!

see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @nithys,

the easiest way is to should create a lookup containing the values for Domain, for "Entity associated" and for Data Entity.

Then you should create a search on this lookup for Domain.

Ten you have to create a search on the lookup for "Entity associated" using the Domain token to filter results.

At least you have to create a third search on the lookup using both the other tokens to filter results.

If you could share the searches you're using I could be more detailed.

Ciao.

Giuseppe

0 Karma

nithys
Path Finder

Hi @gcusello 
I tried having below query which works

if i select goodsdevelopment in the 1st dropdown , i get options pertained to airbag.

if i select materialdomain in the 1st dropdown , i should get options pertained to material,sm.

1.If I want use data entity dropdown to be multi select since domain can have multiple data entity…how the below query  need to be modified?
...I am using 3 different inputtoken  for inbound query&
3 different outputtoken for outbound query

2.Also how do i auto cleared the existing search result pannel  whenver new domain is selected 

Query used:
      <input type="dropdown" token="tokSystem" searchWhenChanged="true">

        <label>Domain Entity</label>

        <fieldForLabel>$tokEnvironment$</fieldForLabel>

        <fieldForValue>$tokEnvironment$</fieldForValue>

        <search>

          <query>| makeresults

          | eval goodsdevelopment="a",materialdomain="b,c",costsummary="d"</query>

        </search>

        <change>

          <condition match="$label$==&quot;a&quot;">

            <set token="inputToken">test</set>

            <set token="outputToken">test1</set>

          </condition>

          <condition match="$label$==&quot;c&quot;">

            <set token="inputToken">dev</set>

            <set token="outputToken">dev1</set>


<condition match="$label$==&quot;m&quot;">
<set token="inputToken">qa</set>
<set token="outputToken">qa1</set>
</condition>
</change>
------
<row>
<panel>
<html id="messagecount">
<style>
#user{
text-align:center;
color:#BFFF00;
}
</style>
<h2 id="user">INBOUND </h2>
</html>
</panel>
</row>
<row>
<panel>
<table>
<search>
<query>index=$indexToken1$ source IN ("/*-*-*-$inputToken$") 
| timechart count by ObjectType```| stats count by ObjectType</query>
<earliest>$time_picker.earliest$</earliest>
<latest>$time_picker.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
------<row>
<panel>

</style>
<h2 id="user">outBOUND </h2>
</html>
<chart>
<search>
<query>index=$indexToken$ source IN ("/*e-f-$outputToken$-*-","*g-$outputToken$-h","i-$outputToken$-j") </query>
<earliest>$time_picker.earliest$</earliest>
<latest>$time_picker.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>

Tags (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @nithys,

if this solution works, good  for you: you solved your issue!

see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma

nithys
Path Finder
Hi @gcusello Could you help me how to change the current data entity dropdown behaviour to multi select option…with the above query i.e second dropdown? 2.Also how do i auto cleared the existing search result pannel ,when i select next time the other option from domain entity
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @nithys,

it's the same thing, only one difference: you have to insert:

* parenthesys in Token prefix and Token suffix,

* field name, equal and quotes in Token valus prefix field="

* quotes in Token value suffix "

* OR in delimiter, remember to add a space before and after the OR.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma

nithys
Path Finder

Hi @gcusello 

 

 Could you help me how to change the current data entity dropdown behaviour to  multi select option…with the above query i.e second dropdown?
 2.Also how do i auto cleared the existing search result pannel ,when i select next time the other option from domain entity

Tags (1)
0 Karma

nithys
Path Finder

Hi @gcusello 
Currently the choices in Data Entity stays as static values ex (Airbag scheduling,Material ,Cost Summary)
Based on that values that I select from the Data Entity , I wanted to do comparison of that value  in my eval cmd to set the correct token to use in later queries so that i know that token is belonging to specific option of Data Entity.
So how do i transform these Data Entity options based on the value selected in the first dropdown domain.
ex., if i select MM in the 1st dropdown , i should get options pertained to MM.
if i select Goods in the 1st dropdown , i should get options pertained to Goods.
It can be one options or multiple on the data entity
</input>

<input type="dropdown" token="domainToken">

        <label>Data Entity</label>

        <choice value=“0-a,1-b,2-b,3-,4-,5-,6-a”>Airbag Scheduling</choice>

        <choice value=“0-d,1-e,2-e,3-,4-d,5-d,6-d”>Material</choice>

        <choice value=“0-e,1-f,2-f,3-e,4-,5-,6-”>Cost Summary</choice>

        <choice value=“0-f,1-e,2-b,3-b,4-md,5-a">All</choice>

        <change>

          <eval token="domainToken1">mvindex(split($value$,","),2)</eval>

          <eval token="objectToken2">mvindex(split($value$,","),1)</eval>

          <eval token="objectToken1">mvindex(split($value$,","),0)</eval>

          <eval token="outputToken1">mvindex(split($value$,","),3)</eval>

          <eval token="outputToken2">mvindex(split($value$,","),4)</eval>

          <eval token="outputToken3">mvindex(split($value$,","),5)</eval>

         

        </change>

      </input>
search query1:

 

<query>index=$indexToken$ source IN (“A-B-$objectToken1$", “/A-B-$stage-$objectToken2$”,”/A-B-$domainToken1$")</query>

search query2:

<query>index=$indexToken$ source IN (“C-$outputToken1$”-D-”, “E-$outputToken2$-F”,”G-$outputToken3$-H”)</query>

search query3:

<query>index=$indexToken$ source IN (“C-$outputToken1$”-D-”, “E-$outputToken2$-F”,”G-$outputToken3$-H”)</query>

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @nithys,

as I said, the easiest way is to create a lookup ontaining two columns (e.g. choice and value):

value    choice   
0-a      Airbag Scheduling
1-b      Airbag Scheduling   
2-b      Airbag Scheduling
3-       Airbag Scheduling
4-       Airbag Scheduling
5-       Airbag Scheduling
6-a      Airbag Scheduling
0-d      Material
1-e      Material
2-e      Material
3-       Material
4-d      Material
5-d      Material
6-d      Material
0-e      Cost Summary
1-f      Cost Summary
2-f      Cost Summary
3-e      Cost Summary
4-       Cost Summary
5-       Cost Summary
6-       Cost Summary
0-f      All
1-e      All
2-b      All
3-b      All
4-md     All
5-a      All

then you could run in the first lookup:

| inputlookup mylookup 
| dedup choice
| sort choice
| table choice

then in the second dropdown you could run:

| inputlookup mylookup WHERE choice=$FirstToken$
| dedup value
| sort value
| table value

so you'll have the values relative to the choosen first token

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...