I have a query that receives input from a drop-down.
Example info coming from the drop-down:
Static: All = *
Dynamic = Application name + Version
I am physically splitting the name of the application with the version number because my index has Application as separate from Version and does not take the application with the version (i.e. Calendar 220.127.116.115) as an input. I am combining the two for my drop-down for user simplicity.
How queries require the input:
Application = Calendar
Version = 18.104.22.1685
| eval Applications = "$App_token$"
| rex field=Applications "^(?<Application>^\D+)"
| rex field=Applications "(?<Install_Version>\d.*)$"
| dedup Mac_Address Application
| search "StoreNo"=* Mac_Address=* "Install Status"=* "App Updated Date"=* "Last Seen"=* "OS Version"="*"
| chart limit=50 count over "Application" by "Install Status"
How would I build a case where "All" would display all applications rather than *?