Hello guys,
I'm pretty new to Splunk and I'd like to see if there is a way in which I could create a query that would dynamically populate the necessary table columns based on an initial search val...
See more...
Hello guys,
I'm pretty new to Splunk and I'd like to see if there is a way in which I could create a query that would dynamically populate the necessary table columns based on an initial search value passed in from a drop down input.
For example, lets say my data contains multiple entries based on protocol, and I wish to display the results in a table. If the protocol is SFTP, I only want columns only pertaining to that protocol, I have about 5-10 unique protocols, and unique column requirements for each. I was attempting to build a search string to store the search I want based on a case statement, but that may not be possible.
Something along these lines is what I want to achieve the protocol will be passed dynamically from a drop down input, and I understand how to pass that value.
search protocol = "SFTP" |eval searchString = case( protocol == "SFTP", "remoteUserID=MyUserId, RemotePort=MyPort", protocol == "HTTPS" "externalURL=myURL, SSLCert=MyCert", 1=1, "Not Found" ) | search searchString
I also was looking into directly modifying the xml based on an article I found in regards to displaying columns dynamically in splunk (not enough karma points to point links): which would work if I could have a unique table list. Maybe there is another way where I could call different queries in my panel based on the drop down value selected?
Thanks!!