Solved: How to use N values in a search dependent on a use...

smhsplunk · ‎04-28-2016

I have 9 drop-downs, and depending on user selection, the search is going to use those values to create a table. Since the drop-down values are dynamically generated (each is linked to another), there is no way to know how many of the values will be used in the final search. I want to know how is it possible to use N values in a search dependent on a user selecting N values.

source=main sourcetype=traffic_information 
| search * traffic_location $imd1$ $imd2$ $imd3$ $imd4$ $imd5$ $imd6$ $imd7$ $imd8$ imd9$ 
| table city, state, location

Is it possible to have a default value (or just don't use) in the above search when the value is not selected?

Thanks

sundareshr · ‎04-28-2016

You can set the default to * in the drop-down. In addition to the query to populate dropdown with dynamic values, you can add static values. A common use for static values is to add "*" and set that to be the default.

View solution in original post

sundareshr · ‎04-28-2016

You can set the default to * in the drop-down. In addition to the query to populate dropdown with dynamic values, you can add static values. A common use for static values is to add "*" and set that to be the default.

smhsplunk · ‎05-02-2016

Thanks! This works fine.

How to use N values in a search dependent on a user selecting N values from drop-down forms?

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Are you a member of the Splunk Community?

How to use N values in a search dependent on a user selecting N values from drop-down forms?

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES