Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Multiselect input

chuck_life09
Path Finder
‎04-13-2021 03:44 AM

Hi,

In my dashboard i have set of inputs and when i submit the values gets stored in a lookup file. 

2 dropdowns , 1 multiselect and 1 text field

Can i store the values from the multiselect into separate records in the lookup or how do i expand as all are clustered like this, not sure how to give a separator.

Multiselect  name - Type

AAA ttt

BBB fff

CCC eee hhh qqq

... in the lookup file it shows like - AAA ttt BBB fff CCC eee hhh qqq. how do i separate it?

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-13-2021 03:59 AM

Hi @chuck_life09,

did you tried to create a lookup like this:

Name   Type
AAA    ttt
AAA    sss
BBB    fff
BBB    ggg
CCC    eee
CCC    hhh
CCC    qqq

 Calling it in the multivalue?

Ciao.

Giuseppe

0 Karma
Reply

chuck_life09
Path Finder
‎04-13-2021 04:07 AM

hi @gcusello 

the Multiselect input name is 

Type

1.my name is

2.the desktop is mine

3.there are many likes

Like this it will be, and it will be stored in the lookup as this 

----------------------------

time                              ID                count            Type 

13th april 2021      1234              4                  my name is the desktop is mine there are many likes

---------------------

I am not sure how to split it , can it be stored as this

time                              ID                count            Type 

13th april 2021      1234              4                  my name is 

13th april 2021      1234              4                  the desktop is mine 

13th april 2021      1234              4                  there are many likes

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-13-2021 05:34 AM

Hi @chuck_life09,

Sorry but I don't understand your requirement:

  • you have a multiselect,
  • the values of this multiselect are  "my name is" "the desktop is mine" "there are many likes",
  • you want to have these values in a lookup to dinamically manage them,
  • and use them to filter events in dashboard's panels.

What's the problem, to have these values in the lookup? or what else?

As I said, did you tried to put each value in a different row of the lookup, so you can call all the values from the lookup?

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...