Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to filter comma separate keywords in splunk dashboard using text box?

karthi2809
Builder
‎12-06-2024 05:51 AM

How to filter using text box with multiple keywords using comma separated.How to filter my table data.

This is  my query   

 

index=atvi_test sourcetype=ncc  |rename hostname as Host component as Component filename as FileName | eval source_list=split("*ORA*", ",")| search Environment=QTEST Component IN (*) |search NOT Message IN (null)| table PST_Time Environment Host Component FileName  Message |sort PST_Time|search [| makemv delim="," source_list|eval search_condition=mvjoin(source_list, " OR Message=*")|eval search_condition="Message=*" . search_condition|return $search_condition]

 

Labels (1)
Labels
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎12-06-2024 09:17 AM

To ask an answerable data analytics question, follow these golden rules; nay, call them the four commandments:

  • Illustrate data input (in raw text, anonymize as needed), whether they are raw events or output from a search (SPL that volunteers here do not have to look at).
  • Illustrate the desired output from illustrated data.
  • Explain the logic between illustrated data and desired output without SPL.
  • If you also illustrate attempted SPL, illustrate actual output and compare with desired output, explain why they look different to you if that is not painfully obvious.

To apply here: What is "my table data"? Suppose by "text box" you mean a text input element in a dashboard that gives you a token $text_tok$, and suppose your user typed "sometext, some more, some more text".  What exact result from your "table data" do you expect?  Is the illustrated search supposed to demonstrate your attempt to use such a token?  Where is the token if so?  If not, what is it supposed to tell volunteers?

0 Karma
Reply

karthi2809
Builder
‎12-09-2024 03:54 AM

Hi @yuanliu 

I am working on a dashboard in splunk and need help implementing specefic filtering requirements.I have a table with the following fields.

message (contain log details)

component (indicates the source components)

My requirement are:

1.Add multiselect dropdown to filter the component field.

2. add textbox input to filter the message field using comma-separated keywords.

for example:

if the textbox contains error, timeout it should filter rows where the message field contain error or timeout in case both present we need to show both the values.

 

Any suggestions or example are greatly appreciated, Thank you. 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎12-11-2024 09:18 PM

You are really just repeating the same question all these days without showing your effort.  I have a fairly elaborate response in your other question How to filter events using text box values including sample dashboards.  Please delete repeating posts and work on the post where volunteers have provided you with the most information.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...