Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Mutliselect dropdown

anooshac
Communicator
‎11-21-2023 09:55 PM

Hi all,

I have 2 multiselect dropdowns. One is dependent on other dropdown.

The first drop down has groups and second has sub groups. I am facing some problem in appending the subgroup value to the respective group.

For example, lets assume that group has values a b c and only c has subgroup that is x ,y. I want to append that subgroup as c_x and c_y and pass it to the query.

I tried adding suffix in dropdown itself. But when the tokens are selected in any order it is adding the sub group to whole token, that is if i select b,c,a it will add subgroup as b,c,a_x and b,c,a_y.

 

Any suggestions on how can i correctly append the sub group to respective groups and use it in the query.

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-21-2023 11:42 PM

Hi @anooshac ,

you can use in the first multivalue the following search:

| makeresults
| eval group="a"
| append [| makeresults | eval group="b"]
| append [| makeresults | eval group="c", subgroup="x"]
| append [| makeresults | eval group="c", subgroup="y"]
| dedup group
| sort group
| table group

and in the second multivalue the following search:

| makeresults
| eval group="a"
| append [| makeresults | eval group="b"]
| append [| makeresults | eval group="c", subgroup="x"]
| append [| makeresults | eval group="c", subgroup="y"]
| table group subgroup
| search group=$group$
| eval value=group.if(isnotnull(subgroup),"_".subgroup,"")

then you can use the second value in your panels.

Obviously thgis is a sample to adapt to your search.

Ciao.

Giuseppe

 

0 Karma
Reply

anooshac
Communicator
‎11-22-2023 02:38 AM

Hi, @gcusello ,

 

Thanks for the reply. I have one concern, in the mutliselect dropdown the values selected will be a,b,c or b,c,a etc which will be comma separated.

In such conditions will this logic will work?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-22-2023 06:05 AM

Hi @anooshac,

my sample is a sample without any logic except the one you described.

So the order of values isn't relevant and can also be different.

If you have many values, I hint to use a lookup.

Ciao.

Giuseppe

0 Karma
Reply

anooshac
Communicator
‎01-11-2024 12:49 AM

Thank you @gcusello , I'll try using lookup.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-11-2024 02:10 AM

Hi @anooshac ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...