Using OR in a pivot query

angersleek · ‎08-08-2018

I have a data set with following query and it is saved as "model_requests"

(service=service* OR (service=Aservice* AND app_name=app*)) some_other_fields=*

Under my dash boards I have a single value chart with following query:

| pivot model_requests RootObject count(RootObject) AS "Count of Requests" FILTER service in $service_token$

$service_token$ points to a drop down in the dashboard, which has different service names or * which is a list of a set of services.
Example drop down options under static options:

Name         Value
*            (Service1, Service2)
Service1     Service1
Service2     Service2

I have added a new drop down for app_name and its token name is $app_token$ as follows:

Name     Value
*        (app1, app2)
app1     app1
app2     app2

In the pivot query, I am looking to have an OR in it to choose between the tokens service_token and app_token (Either or, both tokens data will not exists at the same time).
For example as follows:

| pivot model_requests RootObject count(RootObject) AS "Count of Requests" (FILTER service in $service_token$ OR FILTER app_name in $app_token$) FILTER something_else=*

This query doesn't work. Is there a way around this? Thanks.

Using OR in a pivot query

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!