Solved: Multiselect values as table input?

matstap · ‎05-02-2018

I have a multiselect dropdown. I also have a stat table which utilizes a KVstore. I want the multiselect values to filter the table How do I do this?

The multiselect has the token $product$. The table is just a column from a KVstore:

| inputlookup product_color.csv 
|search product="$product$"
| table color

Do I have to do something to $product$ before using it as a filter if there are multiple values?

somesoni2 · ‎05-02-2018

Follow example from below link to setup your multiselect to user valuePrefix, valueSuffix and delimiter (basically replace sourcetype with product in the example code for multiselect input) and change your query like this

| inputlookup product_color.csv | search $prodct$ | table color

http://docs.splunk.com/Documentation/Splunk/7.0.3/Viz/tokens#Multiselect_input_example

View solution in original post

somesoni2 · ‎05-02-2018

Follow example from below link to setup your multiselect to user valuePrefix, valueSuffix and delimiter (basically replace sourcetype with product in the example code for multiselect input) and change your query like this

| inputlookup product_color.csv | search $prodct$ | table color

http://docs.splunk.com/Documentation/Splunk/7.0.3/Viz/tokens#Multiselect_input_example

Multiselect values as table input?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Splunk Observability Metrics Cost Optimization

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation