Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to filter comma separate keywords in splunk dashboard using text box?

karthi2809
Builder
‎12-06-2024 05:51 AM

How to filter using text box with multiple keywords using comma separated.How to filter my table data.

This is  my query   

 

index=atvi_test sourcetype=ncc  |rename hostname as Host component as Component filename as FileName | eval source_list=split("*ORA*", ",")| search Environment=QTEST Component IN (*) |search NOT Message IN (null)| table PST_Time Environment Host Component FileName  Message |sort PST_Time|search [| makemv delim="," source_list|eval search_condition=mvjoin(source_list, " OR Message=*")|eval search_condition="Message=*" . search_condition|return $search_condition]

 

Labels (1)
Labels
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎12-06-2024 09:17 AM

To ask an answerable data analytics question, follow these golden rules; nay, call them the four commandments:

  • Illustrate data input (in raw text, anonymize as needed), whether they are raw events or output from a search (SPL that volunteers here do not have to look at).
  • Illustrate the desired output from illustrated data.
  • Explain the logic between illustrated data and desired output without SPL.
  • If you also illustrate attempted SPL, illustrate actual output and compare with desired output, explain why they look different to you if that is not painfully obvious.

To apply here: What is "my table data"? Suppose by "text box" you mean a text input element in a dashboard that gives you a token $text_tok$, and suppose your user typed "sometext, some more, some more text".  What exact result from your "table data" do you expect?  Is the illustrated search supposed to demonstrate your attempt to use such a token?  Where is the token if so?  If not, what is it supposed to tell volunteers?

0 Karma
Reply

karthi2809
Builder
‎12-09-2024 03:54 AM

Hi @yuanliu 

I am working on a dashboard in splunk and need help implementing specefic filtering requirements.I have a table with the following fields.

message (contain log details)

component (indicates the source components)

My requirement are:

1.Add multiselect dropdown to filter the component field.

2. add textbox input to filter the message field using comma-separated keywords.

for example:

if the textbox contains error, timeout it should filter rows where the message field contain error or timeout in case both present we need to show both the values.

 

Any suggestions or example are greatly appreciated, Thank you. 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎12-11-2024 09:18 PM

You are really just repeating the same question all these days without showing your effort.  I have a fairly elaborate response in your other question How to filter events using text box values including sample dashboards.  Please delete repeating posts and work on the post where volunteers have provided you with the most information.

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
li.common.scroll-to.top