Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About syg6
syg6
New Member
Member since:
03-29-2019
06-05-2020
Community Statistics
| Posts | 4 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 03-29-2019 |
Activity Feed
- Posted Re: How do you exclude a dropdown value from a search if default/no value selected? on Dashboards & Visualizations. 04-01-2019 06:48 AM
- Posted Re: How do you exclude a dropdown value from a search if default/no value selected? on Dashboards & Visualizations. 04-01-2019 03:13 AM
- Posted Re: How do you exclude a dropdown value from a search if default/no value selected? on Dashboards & Visualizations. 03-30-2019 04:08 PM
- Posted How do you exclude a dropdown value from a search if default/no value selected? on Dashboards & Visualizations. 03-29-2019 04:26 PM
- Tagged How do you exclude a dropdown value from a search if default/no value selected? on Dashboards & Visualizations. 03-29-2019 04:26 PM
- Tagged How do you exclude a dropdown value from a search if default/no value selected? on Dashboards & Visualizations. 03-29-2019 04:26 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
04-01-2019
06:48 AM
Right, I understand that. In fact I am not using *, I am using empty string ("") as the default/nothing selected value.
What I meant to say was, is there no symbol you can send from the dropdown that would return results that have the column corresponding to the dropdown empty/null?
The only thing that works is doing what you suggest, essentially saying "country=nothing". What I was wondering is, is there no "country=anything" ?
Regardless, my question is academic, since your solution works fine.
... View more
04-01-2019
03:13 AM
That worked like a charm. Thanks again!
I still don't really get why "" doesn't work for empty/null columns. I'm not sure if internally splunk treats the value sent by the dropdown as a regular expression ... if it does "" should work, because it means "0 or more". But something tells me it does not treat it as a regular expression.
At any rate, if you look at the url when using your solution, instead of
/my_dashboard?form.country=*&form.state=*&form.city=*
it sends
/my_dashboard?form.country=&form.state=&form.city=&
In other words, country, state and city are blank. And the results are correct.
... View more
03-30-2019
04:08 PM
That does seem to work properly. I think I get what you did here ... You basically took the logic that I thought would go in the query (conditionally add country=$country$, state=$state$ or city=$city$), and put it in the logic of each dropdown. Very clever! I had no idea you could do that!
As to your questions ... I've thought about it some more and I think the logical thing to do here would be to have 2 dropdowns. One in which you have the 3 things you can search by: country, state or city, and in the other, possible values for country, state or city, depending on what you selected in the first dropdown.
Once you've chose a value from the first and second dropdown, then you perform the search. I think I will be able to apply your trick to that scenario.
I'll write here how it went. Many thanks again for the help!
... View more
03-29-2019
04:26 PM
I have a dashboard with 3 dropdowns, let's call call them country, state and city, each with its corresponding token ($country$, $state$ and $city$). They are not inter-dependent, and the default, static value for each dropdown is "*".
My data looks like this:
timestamp country state city
2019-03-29 USA
2019-03-29 NY
2019-03-29 NYC
In other words, each entry can have a value for, at most, 1 of these columns—either country, state or city. For example, country and state can't both have data in any given entry. Nor can state and city, country and city, etc.
My (naive) query was something like this:
index=* sourcetype=xxx result=000 AND country = $country$ AND state = $state$ AND city =$city$
The problem is, If no value is selected from any dropdown (so the default value "*" is used), no data is being displayed. Why? From what I gather, null values (state and city in the 1st line, country and city in the 2nd line, etc.) are not included in "*". In other words, "country = $country$" would return data on its own for line 1, but since the search also has "state = $state$ AND city =$city$", and those columns are null, no data is shown.
Is there a way to exclude the tokens from the query, if no value has been selected? In other words, if the non-default value for country is selected, the query would be
index=* sourcetype=xxx result=000 AND country = $country$
and if the non-default value for state were selected, the query would be
index=* sourcetype=xxx result=000 AND state = $state$
and if the non-default value for city were selected, the query would be
index=* sourcetype=xxx result=000 AND city =$city$
I was also considering using if/then/else or a case statement somehow ... but I can't seem to get it work work.
Any help much appreciated, I'm a Splunk noob.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
