Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to write a search that groups values to be used in a dropdown on a dashboard?

quietferret
Loves-to-Learn
‎08-18-2022 04:21 AM

Hi All,

I am new to Splunk and the SPL in general so I will try and explain as best I can.  I have been tasked to produce an UP/DOWN dashboard to show different Microsoft Cloud services and their statuses.  We are importing data from the Microsoft Service Health and can run searches on it.  I am able to find each service (Microsoft Teams, Exchange Online, SharePoint Online etc) and their current status (up or down). 

Now I need to show this in a dashboard but my manager wants to group the services in categories like, Core services, Productivity and Cloud Apps so that if a person navigates tot he dashboard they can click a dropdown and select the category then those services are displayed  with their UP/DOWN status.  

Any help would be much appreciated.

Labels (4)
Labels
0 Karma
Reply

quietferret
Loves-to-Learn
‎08-18-2022 09:49 AM

Ok so I had the following:

index=azure source="ServiceAnnouncement.Issues" | sort 0 - _time | eval category = if(service = "Exchange Online" , "Core Service" , other)

But how can I do multiple if statements?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-18-2022 06:38 AM

You probably need to eval a new field which categorises the services and then filter on those categories. You could use a case function or if functions to do the evaluation, or you could define and use a lookup to map the service to its category.

0 Karma
Reply
Get Updates on the Splunk Community!

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...

How to Send Splunk Observability Alerts to Webex teams in Minutes

As a Developer Evangelist at Splunk, my team and I are constantly tinkering with technology to explore its ...