Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Mutliselect dropdown

anooshac
Communicator
‎11-21-2023 09:55 PM

Hi all,

I have 2 multiselect dropdowns. One is dependent on other dropdown.

The first drop down has groups and second has sub groups. I am facing some problem in appending the subgroup value to the respective group.

For example, lets assume that group has values a b c and only c has subgroup that is x ,y. I want to append that subgroup as c_x and c_y and pass it to the query.

I tried adding suffix in dropdown itself. But when the tokens are selected in any order it is adding the sub group to whole token, that is if i select b,c,a it will add subgroup as b,c,a_x and b,c,a_y.

 

Any suggestions on how can i correctly append the sub group to respective groups and use it in the query.

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-21-2023 11:42 PM

Hi @anooshac ,

you can use in the first multivalue the following search:

| makeresults
| eval group="a"
| append [| makeresults | eval group="b"]
| append [| makeresults | eval group="c", subgroup="x"]
| append [| makeresults | eval group="c", subgroup="y"]
| dedup group
| sort group
| table group

and in the second multivalue the following search:

| makeresults
| eval group="a"
| append [| makeresults | eval group="b"]
| append [| makeresults | eval group="c", subgroup="x"]
| append [| makeresults | eval group="c", subgroup="y"]
| table group subgroup
| search group=$group$
| eval value=group.if(isnotnull(subgroup),"_".subgroup,"")

then you can use the second value in your panels.

Obviously thgis is a sample to adapt to your search.

Ciao.

Giuseppe

 

0 Karma
Reply

anooshac
Communicator
‎11-22-2023 02:38 AM

Hi, @gcusello ,

 

Thanks for the reply. I have one concern, in the mutliselect dropdown the values selected will be a,b,c or b,c,a etc which will be comma separated.

In such conditions will this logic will work?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-22-2023 06:05 AM

Hi @anooshac,

my sample is a sample without any logic except the one you described.

So the order of values isn't relevant and can also be different.

If you have many values, I hint to use a lookup.

Ciao.

Giuseppe

0 Karma
Reply

anooshac
Communicator
‎01-11-2024 12:49 AM

Thank you @gcusello , I'll try using lookup.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-11-2024 02:10 AM

Hi @anooshac ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...