Hi everyone, I just want to ask about this particular case that I am rather unsure if it's possible to execute in splunk.
So let's say I have 2 sets of forms (which in the future might have more).
1. Kitchen
2. Living Room
Each of those forms log text responses in splunk in different ways.
The text field for Kitchen forms have
* kitchen diameter * [ 12 sqm]
* sink diameter * [5 sqm]
* table color* [blue]
Then for the living room form, it might have the following information
*sofa color * [green]
*wall color * [black]
*tv availability* [none]
...
And so on, (just to emphasize that there can really be a huge variety with what kind of data is in the text)
Now, my question is. Would it be possible to break them all down in such a way that the values of the text would be the column names when I select them in the dashboard?
I want to retrieve them in accordance to when they're selected from a dropdown.
I was hoping to use the dropdown to allow me to select either of those three forms.
Upon selection, what should happen is, the table below it should change in accordance to what was selected.
So table for kitchen would look like
| sofa color | wall color | tv availability |
| 12sqm | 5sqm | none |
And when I select the living room form it would look somewhat like
| kitchen diameter | sink diameter | table color |
| green | black | none |
I was thinking of using the rex to extract them, but after extracting them would it be possible to use them as column data?
Also, can rex handle it dynamically, like if a form has 6 types of key value pairs, would it be able to handle it?
