Hi
Can someone help me to find a way to create a Dropdown Input on the field which is extracted using a REX command.
Example: For the below search, I want to add a new dropdown Input with the 3 values :
a) Incoming b) Outgoing c) Both
If user select Incoming, only those records with the direction as incoming will be displayed.
If user select Outgoing, only those records with the direction as Outgoing will be displayed.
If user select Both, all the records (Direction as incoming or outgoing) will be displayed.
Query:
index=events_prod_cdp_penalty_esa source="SYSLOG" sourcetype=zOS-SYSLOG-Console (TERM(VV537UP) OR TERM(VVF119P) ) ("- ENDED" OR "- STARTED" OR "PURGED --")
| rex field=TEXT "((VV537UP -)|(VVF119P -))(?<Func>[^\-]+)"
| fillnull Func value=" PURGED"
| eval Function=trim(Func)
| eval DAT = strftime(relative_time(_time, "+0h"), "%d/%m/%Y")
| rename DAT as Date_of_reception
| eval {Function}_TIME=_time
| stats values(Date_of_reception) as Date_of_reception values(*_TIME) as *_TIME by JOBNAME
| eval Description= case('JOBNAME' == "$VVF119P", "Reception of the CFI file from EB and trigger planning PVVZJH." ,
'JOBNAME' == "$VV537UP", "Unload of VVA537 for Infocentre." ,
1=1,"NA")
| eval DIRECTION= case('JOBNAME' == "$VVF119P", "INCOMING" , 'JOBNAME' == "$VV537UP", "OUTGOING" ,
1=1,"NA")
| eval Diff=ENDED_TIME-STARTED_TIME
| eval TimeDiff=now() - STARTED_TIME
| eval Status =
if(isnotnull(ENDED_TIME) AND (Diff<=120),"OK",if(isnotnull(ENDED_TIME) AND (Diff>120),"BREACHED",
if(isnull(ENDED_TIME) AND isnull(STARTED_TIME),"PLANNED",if(isnull(ENDED_TIME) AND isnotnull(STARTED_TIME) AND (TimeDiff>1000),"FAILED",
if(isnull(ENDED_TIME) AND isnotnull(STARTED_TIME) and (TimeDiff>1000),"RUNNING","WARNING")))))
| fieldformat STARTED_TIME=strftime((STARTED_TIME),"%H:%M:%S")
| fieldformat ENDED_TIME=strftime((ENDED_TIME),"%H:%M:%S")
| fieldformat PURGED_TIME=strftime( PURGED_TIME,"%H:%M:%S")
| eval diff_time = tostring(Diff , "duration")
| eval diff_time_1=substr(diff_time,1,8)
| rename diff_time_1 as EXECUTION_TIME
| table JOBNAME,Description,DIRECTION , Date_of_reception ,STARTED_TIME , ENDED_TIME , PURGED_TIME , EXECUTION_TIME , Status
| sort -STARTED_TIME
Hi
Sorry, I want to create an input (free text) on the field "JOBNAME" which is extracted via rex.
Is it possible?
Below input is working fine when I put a job name in the free_text input but when i give nothing or * in the
free_text input , it gives me no result.
<input type="text" token="free_text" searchWhenChanged="true">
<label>Free_Text</label>
<default>*</default>
<prefix>| where JOBNAME = "</prefix>
<suffix>"</suffix>
<initialValue>*</initialValue>
</input>
Any way to create an input filter as a free text for the field JOBNAME ??
I am using Free text input because there are more than 500 jobs and in the dropdown it does not look good.
Where doesn't support wildcards in this way, try using search instead of where
I am not sure where rex comes into it - you could set up a static drop down like this
Label | Value |
Incoming | | where DIRECTION=="INCOMING" |
Outgoing | | where DIRECTION=="OUTGOING" |
Both |
Then just place the token in your search after the DIRECTION eval
| eval DIRECTION= case('JOBNAME' == "$VVF119P", "INCOMING" , 'JOBNAME' == "$VV537UP", "OUTGOING" ,
1=1,"NA")
$direction_selector_token$
| eval Diff=ENDED_TIME-STARTED_TIME