Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to filter multiselect entries based on its own selection?

jonvijay1993
Explorer
‎04-13-2023 04:07 AM

I have a multiselect for software version (version is just yyyy.mm.dd or an alphanumeric string).

If the user selects a certain version, multiselect has to hide all its entries below selected version, so that user would only see multiselect versions higher than what he selected.

Is this possible?

<input type="multiselect" token="VERSION" searchWhenChanged="true">
      <label>Version</label>
      <fieldForLabel>VERSION</fieldForLabel>
      <fieldForValue>VERSION</fieldForValue>
      <choice value="all">ALL</choice>
      <!--<default>all</default>-->
      <!--<initialValue>all</initialValue>-->
      <valuePrefix>'</valuePrefix>
      <valueSuffix>'</valueSuffix>
      <delimiter> AND </delimiter>
      <change>
         <eval token="form.VERSION">if(mvcount('form.VERSION')=3, mvindex('form.VERSION',0, 1),'form.VERSION')</eval>
      </change>
      <search>
        <query>| dbxquery query="select distinct VERSION from table WHERE blah blah blah" connection="blah" maxrows=0</query>
      </search>
    </input>

 

Basically we're trying to get a setup for selecting a range of versions, like 2022.01.01 to 2023.01.02 using two multiselect inputs.

Labels (5)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yuanliu
SplunkTrust
SplunkTrust
‎04-14-2023 12:21 AM

This is one way to do it.

<form version="1.1">
  <label>dynamic multiselect</label>
  <fieldset submitButton="false">
    <input type="multiselect" token="VERSION" searchWhenChanged="true">
      <label>Version</label>
      <fieldForLabel>version</fieldForLabel>
      <fieldForValue>version</fieldForValue>
      <choice value="0">ALL</choice>
      <!--<default>all</default>-->
      <!--<initialValue>all</initialValue>-->
      <delimiter>,</delimiter>
      <search>
        <query>| makeresults count=12
| fields - _time
| streamstats count
| eval version = "2022." . if(count &lt; 10, "0" . count, count)
``` the above emulates data ```
| where version &gt; max($VERSION$)</query>
      </search>
      <initialValue>0</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Version $VERSION$</title>
      <html>
        This is a demonstration for <a href="https://community.splunk.com/t5/Splunk-Search/How-to-filter-multiselect-entries-based-on-its-own-selection/m-p/639756#M221695">How to filter multiselect entries based on its own selection?</a>
      </html>
    </panel>
  </row>
</form>

initial - ready to pick 4initial - ready to pick 4pick 4, ready to pick 8pick 4, ready to pick 8pick 8pick 8

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

yuanliu
SplunkTrust
SplunkTrust
‎04-14-2023 12:21 AM

This is one way to do it.

<form version="1.1">
  <label>dynamic multiselect</label>
  <fieldset submitButton="false">
    <input type="multiselect" token="VERSION" searchWhenChanged="true">
      <label>Version</label>
      <fieldForLabel>version</fieldForLabel>
      <fieldForValue>version</fieldForValue>
      <choice value="0">ALL</choice>
      <!--<default>all</default>-->
      <!--<initialValue>all</initialValue>-->
      <delimiter>,</delimiter>
      <search>
        <query>| makeresults count=12
| fields - _time
| streamstats count
| eval version = "2022." . if(count &lt; 10, "0" . count, count)
``` the above emulates data ```
| where version &gt; max($VERSION$)</query>
      </search>
      <initialValue>0</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Version $VERSION$</title>
      <html>
        This is a demonstration for <a href="https://community.splunk.com/t5/Splunk-Search/How-to-filter-multiselect-entries-based-on-its-own-selection/m-p/639756#M221695">How to filter multiselect entries based on its own selection?</a>
      </html>
    </panel>
  </row>
</form>

initial - ready to pick 4initial - ready to pick 4pick 4, ready to pick 8pick 4, ready to pick 8pick 8pick 8

0 Karma
Reply
Solved! Jump to solution

jonvijay1993
Explorer
‎04-14-2023 04:59 AM

Hi, I think your way of filtering based on the query makes sense. The reason why I asked the question in the first place was, I was already doing some <set> operations within <change> and splunk wouldn't allow me to have condition and eval within change tag, and I was clueless. Thanks for the answer, I will try this and post results.

0 Karma
Reply
Solved! Jump to solution

yuanliu
SplunkTrust
SplunkTrust
‎04-14-2023 08:58 PM

Your observation is correct.  <set> on condition allows you to set a value, not an eval.

0 Karma
Reply
Solved! Jump to solution

jonvijay1993
Explorer
‎04-17-2023 01:48 AM

Thank you!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...