@ITWhisperer  |search filed1=Enabled OR "Enabled" OR "Disabled" OR Disabled From the above search Enabled returns one row in search, "Enabled" in double quotes returns second row, Disabled returns third row and "Disabled" in double quotes returns fourth row. Field1---> dc(servers) Enabled--> 10 Enabled--> 3 Disabled-> 23 Disabled->6   ... View more

Hi @gcusello  I have moved the * to secondary dashboard. The token in the URL of the secondary dashboard is like this : ?selected_value=10.6.1%0D%0A In the secondary dashboard query comes like this, with * in the new line. | search "_version"="10.6.1 *" If i do not use *, no rows are getting displayed. I have to move the * next to 10.6.1 (| search "_version"="10.6.1*") , then the rows related to 10.6.1 are getting displayed, including 10.6.1, 10.6.12-105.x86_64,10.6.12-120.x86_64,10.6.13-111,10.6.13-111.x86_64 The carriage return in secondary dashboard query is causing the query to fail. I could not figure out from where the carriage return is coming from. Thank you. ... View more

Hi @gcusello  <drilldown> <link target="_blank">/app/app_name/server_list?selected_value=$click.value$&amp;location_tok2=$location_tok2$&amp;Cust_id=$Cust_id$</link> </drilldown>   Thank you. ... View more

Hi @gcusello  Version sum(Count) 1 30 2 8.8.0 3 3 10.2.2-1370.x86_64 2 4 10.5.1-1582.x86_64 1 5 10.5.5-106 28 6 10.5.5-106.x86_64 17 7 10.6.1 18 8 10.6.12-105.x86_64 19 9 10.6.12-120.x86_64 756 10 10.6.13-111 5 11 10.6.13-111.x86_64 1   ... View more

@gcusello                    In the target dashboard query comes like this, with * in the new line. | search "_version"=10.6.1 * If i do not use *, no rows is getting displayed. If i move the * next to 10.6.1 (10.6.1*) , then the rows related to 10.6.1 are getting displayed, including 10.6.1, 10.6.12-105.x86_64,10.6.12-120.x86_64,10.6.13-111,10.6.13-111.x86_64 ... View more

Hello @gcusello  Your query worked for me after changing it to append. I have one more problem. For drill-down, I can see the following token in the URL. selected_value=8.8.0%0D%0A* Here %0D%0A means a space. I just want to pass 8.8.0*, with out a space. The rtrim in source dashboard is unable to trim the space at the end of 8.8.0. Please suggest. Thank you ... View more

Hi @gcusello, sourcetype=abc index=123 | spath _url | search _url=US OR ASIA |spath "_US_ version" | stats dc(hostname) by  US_ version |rename US_ version as version |appendcols [search sourcetype=abc index=123 | spath _url | search _url=US OR ASIA |spath "_ASIA_ version" | stats dc(hostname) by  ASIA_ version |rename ASIA_ version as version ] | stats sum(dc(hostname)) by  version    Here i want the results of both US_version and ASIA_version. All the results int both the searches. But now the problem is ,its displaying only the common version numbers. Thank you. ... View more

Thank you Mr.Rich. This is my requirement. base search.. |search "_attributes.xxx.total" |stats dc(servername) by _attributes.xxx.total base search.. |search "_attributes.yyy.total" |stats dc(servername) by _attributes.yyy.total From these two searches i want a cobination like the below with a wild card. But it wouldn't work this way.Please suggest how to achieve it. base search.. |search "_attributes.*.total" |stats dc(servername) by _attributes.*.total   ... View more