Solved: Re: help to use a multivalue field in a dropdown l...

jip31 · ‎10-05-2022

Hello

as you can see "type" field as 3 values : stand, vd or xe

if the "type" field is "vd" or "xe", I need to gather them in a field called "virt" but i dont succeed

could you help me please?

    <input type="dropdown" token="type" searchWhenChanged="true">
      <label>Environnement source</label>
      <choice value="*">*</choice>
      <choice value="stand">stand</choice>
      <choice value="type=(vd OR xe)">virt</choice>
      <default>*</default>
      <initialValue>*</initialValue>
    </input>

kamlesh_vaghela · ‎10-05-2022

@jip31

Change your search with this.

<search>
          <query>index=test $type$ </query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>

KV

View solution in original post

kamlesh_vaghela · ‎10-05-2022

@jip31

Are you looking for something like this?

<input type="dropdown" token="type" searchWhenChanged="true">
      <label>Environnement source</label>
      <choice value="*">*</choice>
      <choice value="stand">stand</choice>
      <choice value="vd&quot; OR type=&quot;xe">virt</choice>
      <default>*</default>
      <initialValue>*</initialValue>
      <prefix>type="</prefix>
      <suffix>"</suffix>
    </input>

I hope this will help you.

Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.

jip31 · ‎10-05-2022

Hi

it doesnt works

if i just put

    <input type="dropdown" token="type" searchWhenChanged="true">
      <label>Environnement source</label>
      <choice value="*">*</choice>
      <choice value="standalone">stand</choice>
    </input>

it works

but with this it doent works

 <input type="dropdown" token="type" searchWhenChanged="true">
      <label>Environnement source</label>
      <choice value="*">*</choice>
      <choice value="stand">standalone</choice>
          <choice value="vd&quot; OR type=&quot;xe">virt</choice>
      <default>*</default>
      <initialValue>*</initialValue>
      <prefix>type="</prefix>
      <suffix>"</suffix>
    </input>

kamlesh_vaghela · ‎10-05-2022

@jip31

Did you try this?

MY_SEARCH $type$ | OTHER SEARCH

My Sample Code:

<row>
    <panel>
      <table>
        <search>
          <query>| makeresults | eval type="stand,vd,xe",type=split(type,",") |stats count by type | search $type$</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>

Can you please share your sample search code only?

KV

jip31 · ‎10-05-2022

here is

<form>
    <input type="dropdown" token="type" searchWhenChanged="true">
      <label>Environnement source</label>
      <choice value="*">*</choice>
      <choice value="stand">stand</choice>
         <choice value="vd&quot; OR type=&quot;xe">virt</choice>
      <default>*</default>
      <initialValue>*</initialValue>
      <prefix>type="</prefix>
      <suffix>"</suffix>
    </input>
  <row>
    <panel>
      <single>
        <title>ww</title>
        <search>
          <query>index=test type="$type$"</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>

kamlesh_vaghela · ‎10-05-2022

@jip31

Change your search with this.

<search>
          <query>index=test $type$ </query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>

KV

jip31 · ‎10-05-2022

perfect thanks

How to use a multivalue field in a dropdown list?

other

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms