Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you change the base search depending on a drop down value?

replicant
Engager
‎11-07-2022 06:50 AM

I have a dashboard that uses a dbxquery in the base search.  I would like to make the dashboard "bilingual".

Is it possible to alter the behavior of the dashboard and select a different base search depending on the value of a drop down or radio button?

For example, selecting the first of the two options should have this base search be used:

<search id="base1">
<query>| dbxquery shortnames=true output=csv connection="CON_1" query="use [DB1] select TimeRaised as 'TimeTriggered', ...</query>

...while selecting the 2nd of the two options would use this one:

<search id="base1">
<query>| dbxquery shortnames=true output=csv connection="CON_2" query="use [DB2] select TimeRaised as 'TimeTriggered', ...</query>

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-08-2022 05:21 AM

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

replicant
Engager
‎11-08-2022 04:42 AM

@richgalloway - Perfect.  Karma given.  Thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-08-2022 05:21 AM

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-07-2022 07:24 AM

Rather than change the base search, consider changing parameters of the search.  If this is the base search

<query>| dbxquery shortnames=true output=csv connection=$CON|S$ query="use [$DB$] select TimeRaised as 'TimeTriggered', ...</query>

then you just need the dropdown selector to set the $CON$ and $DB$ tokens to the appropriate values.

<input type="dropdown" ...>
  ...
  <change>
    <condition label="Choice 1">
      <set token="CON">CON1</set>
      <set token="DB">DB1</set>
    </condition>
    <condition label="Choice 2">
      <set token="CON">CON2</set>
      <set token="DB">DB2</set>
    </condition>
  </change>
</input>
---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...