Splunk Search

Multiselect input

chuck_life09
Path Finder

Hi,

In my dashboard i have set of inputs and when i submit the values gets stored in a lookup file. 

2 dropdowns , 1 multiselect and 1 text field

Can i store the values from the multiselect into separate records in the lookup or how do i expand as all are clustered like this, not sure how to give a separator.

Multiselect  name - Type

AAA ttt

BBB fff

CCC eee hhh qqq

... in the lookup file it shows like - AAA ttt BBB fff CCC eee hhh qqq. how do i separate it?

Labels (1)
Tags (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @chuck_life09,

did you tried to create a lookup like this:

Name   Type
AAA    ttt
AAA    sss
BBB    fff
BBB    ggg
CCC    eee
CCC    hhh
CCC    qqq

 Calling it in the multivalue?

Ciao.

Giuseppe

0 Karma

chuck_life09
Path Finder

hi @gcusello 

the Multiselect input name is 

Type

1.my name is

2.the desktop is mine

3.there are many likes

Like this it will be, and it will be stored in the lookup as this 

----------------------------

time                              ID                count            Type 

13th april 2021      1234              4                  my name is the desktop is mine there are many likes

---------------------

I am not sure how to split it , can it be stored as this

time                              ID                count            Type 

13th april 2021      1234              4                  my name is 

13th april 2021      1234              4                  the desktop is mine 

13th april 2021      1234              4                  there are many likes

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @chuck_life09,

Sorry but I don't understand your requirement:

  • you have a multiselect,
  • the values of this multiselect are  "my name is" "the desktop is mine" "there are many likes",
  • you want to have these values in a lookup to dinamically manage them,
  • and use them to filter events in dashboard's panels.

What's the problem, to have these values in the lookup? or what else?

As I said, did you tried to put each value in a different row of the lookup, so you can call all the values from the lookup?

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...