Solved: Re: Creating checkboxes to check multiple severity...

jyothishtj · ‎09-16-2015

Hi Team,

I am trying to create a checkbox for severity with values 1,2,3,4 and >4. I need to check multiple checkboxes at the same time so a report will be refreshed based on the value. I tried to give name value pair as:

Name     Value
-----    -----
1        1
2        2
3        3
4        4
5+       >5

and Delimiter value as OR SEVERITY= and token as genSEVERITY

Then gave the report query as

index=index_custom SEVERITY= $genSEVERITY$  | table INC_COMPANY INC_NUMBER  SEVERITY | sort + SEVERITY

When I am checking values 1, 2, 3, 4, it is listing the values correctly, but when I am trying to select 5+ it is giving an error because the query will be

severity=1 or severity=2 or severity=3 or severity=4 or severity=>5

Is there any way I can get severity>=5 with this value, or any other methods to achieve the required results? Please help.

Thanks ,
Jyo

HeinzWaescher · ‎09-17-2015

Have you tried out

index=index_custom $genSEVERITY$ | table INC_COMPANY INC_NUMBER SEVERITY | sort + SEVERITY

View solution in original post

HeinzWaescher · ‎09-17-2015

Have you tried out

index=index_custom $genSEVERITY$ | table INC_COMPANY INC_NUMBER SEVERITY | sort + SEVERITY

jyothishtj · ‎09-17-2015

Thanks. This is working fine

Creating checkboxes to check multiple severity values to update a report, how do I get the value ">5" to produce results?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Join the Conversation