How to filter using text box with multiple keywords using comma separated.How to filter my table data.
This is my query
index=atvi_test sourcetype=ncc |rename hostname as Host component as Component filename as FileName | eval source_list=split("*ORA*", ",")| search Environment=QTEST Component IN (*) |search NOT Message IN (null)| table PST_Time Environment Host Component FileName Message |sort PST_Time|search [| makemv delim="," source_list|eval search_condition=mvjoin(source_list, " OR Message=*")|eval search_condition="Message=*" . search_condition|return $search_condition]
To ask an answerable data analytics question, follow these golden rules; nay, call them the four commandments:
To apply here: What is "my table data"? Suppose by "text box" you mean a text input element in a dashboard that gives you a token $text_tok$, and suppose your user typed "sometext, some more, some more text". What exact result from your "table data" do you expect? Is the illustrated search supposed to demonstrate your attempt to use such a token? Where is the token if so? If not, what is it supposed to tell volunteers?
Hi @yuanliu
I am working on a dashboard in splunk and need help implementing specefic filtering requirements.I have a table with the following fields.
message (contain log details)
component (indicates the source components)
My requirement are:
1.Add multiselect dropdown to filter the component field.
2. add textbox input to filter the message field using comma-separated keywords.
for example:
if the textbox contains error, timeout it should filter rows where the message field contain error or timeout in case both present we need to show both the values.
Any suggestions or example are greatly appreciated, Thank you.
You are really just repeating the same question all these days without showing your effort. I have a fairly elaborate response in your other question How to filter events using text box values including sample dashboards. Please delete repeating posts and work on the post where volunteers have provided you with the most information.