Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Select the right index based on value in Dropdown

sandmountain
Explorer
‎09-27-2023 02:07 PM

I have a dropdown with two values PROD and TEST. Based on my selection in my panels in the dashboard I have to choose a different index for my search. How can I do this?

Example of two searches: (which also includes other tokens. These can be ignored. Both searches work if I directly put in the right index

1/ 
index=<IF PROD then AAA_prod_index else AAA_test_index> sourcetype IN (abc:edge:api, abc:edge:api)  proxy!="ow*" $client_token$ $target_token$ |
rex mode=sed field=proxy "s#^(.*?)_(.*)$#*_\2#" | stats count by proxy

2/
index=<IF PROD then BBB_prod_index else BBB_test_index> sourcetype=accesslog  tenant=$tenant_token$ | stats count by HTTPStatusCode

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎09-27-2023 03:08 PM

Your dropdown token, for example

<input type="dropdown" token="environment">
  <label>Environment</label>
  <choice value="prod">PROD</choice>
  <choice value="test">TEST</choice>
</input>
...

and then the searches just use that token

index=AAA_$environment$_index sourcetype IN (abc:edge:api, abc:edge:api)  proxy!="ow*" $client_token$ $target_token$ |
rex mode=sed field=proxy "s#^(.*?)_(.*)$#*_\2#" | stats count by proxy
----
index=BBB_$environment$_index sourcetype=accesslog  tenant=$tenant_token$ | stats count by HTTPStatusCode

View solution in original post

Reply
Solved! Jump to solution

sandmountain
Explorer
‎09-28-2023 06:45 AM

Thx that worked fine

0 Karma
Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎09-28-2023 05:21 PM

Please mark the answer as a solution for others to benefit from - thanks

0 Karma
Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎09-27-2023 03:08 PM

Your dropdown token, for example

<input type="dropdown" token="environment">
  <label>Environment</label>
  <choice value="prod">PROD</choice>
  <choice value="test">TEST</choice>
</input>
...

and then the searches just use that token

index=AAA_$environment$_index sourcetype IN (abc:edge:api, abc:edge:api)  proxy!="ow*" $client_token$ $target_token$ |
rex mode=sed field=proxy "s#^(.*?)_(.*)$#*_\2#" | stats count by proxy
----
index=BBB_$environment$_index sourcetype=accesslog  tenant=$tenant_token$ | stats count by HTTPStatusCode
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...