Re: searching for specific result

yohhpark · ‎10-03-2023

system_id = AA-1, AA-1-a, AA-1-b, AA-10, AA-10-a, AA-10-b, AA-12, AA-12-a, AA-12-b,,, and so on. Notice all the system_id starts with common 'AA-1' and * afterward. However, when use it as a token, as you've already feel the problem, AA-10* would return ALL the following id's start with AA-10* and nothing else, so good. however, if I choose AA-1*, not only it returns the values that start with AA-1 but also AA-10 and AA-12, which I do not want. Trying to make this a dashboard, dropdown with token, where user pikc AA-1, and it only returns ALL the values that only ahs AA-1, aa-1-a, aa-1-b and so on.

jwalrath1 · ‎10-05-2023

Hi @yohhpark

If your data is following the format AA-1-a, AA-1-b and so on, then instead of making the value for your dropdown option being AA-1*, make it AA-1-*. This will show everything for only the AA-1- leading characters and would not show AA-10... or AA-11...

Again, this would only work if the data does follow the format with the dash (-) at separator AA-1-...

searching for specific result

regex

rex

table

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Are you a member of the Splunk Community?