Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

double condition on filtering

taha13
Explorer
‎02-28-2018 02:22 AM

So,it's my first question on the forum,
I'm working on a dashoard already done (i'm making chages);the conditions,the filtering....
And i have problem of double condition on filtering
So,normaly we have a basic query
alt text

And then we have the condition

alt text

And the span

input type="radio" token="token_span" depends="$depends_token_1$">
      <label>Choisir échelle</label>
      <choice value="15m">15 minuttes</choice>
      <choice value="30m">30 minuttes</choice>
      <choice value="1h">1 heure</choice>
      <choice value="1d">Toute la journée</choice>
      <default>1d</default>
    </input>

So to load the query

      <query>
          | stats count(eval((MESSAGE="Click open chat"))) AS Nombre_de_Click_Open_Tchat

                 </query>
    </search>

This method is already done by someone and i can't change it.
Now i want to add other candition (when the label is "Hier" and the span token is "15 minuttes" ,i execute my query.
To do this i already try this method but it's doesn't work

<condition match="label_token=Hier AND token_span=30 minuttes"> 
              <set token="earliest_token">$value$</set>
              <set token="show_Data_Labels_token">none</set>
              <set token="loadjob_token_analyse_fine">Analyse_fine_du_Tchat_Hier</set>
            </condition>

And to load the query 

 <query>
                | loadjob savedsearch="a468413:ied:$loadjob_token_analyse_fine$"
                | search $chatOrigin_token$ $media_token$

                     </query>

I hope that someone can help me ,thank you

Tags (1)
Preview file
12 KB
Preview file
23 KB
0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...