- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to list values to fields based on userid selec...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
good morning all
So I have a table chart with a drop-down that selects a user and this works fine. When I select a user, it searches our kvstore and brings back records. The fields it brings back values for are "skills, levels, memid". The skills field has 27 or 28 values, levels field has 6 values and memid can be any amount.
After selecting a userid from the drop-down what, I am getting back is a table with column headers "Skills, Levels, Memid" with a record for each skill and level combo for that particular userid. So to put in perspective, 28 skills times 5 levels equals 140 records returned the max return should be 28, one level for each skill. Below is my current search definition. I have tried doing a dedup on skills that sort of works, but gives the same level value for each skill. So I get the 28 records like I am suppose to, but the level for each is "None", the first value in the levels field in the search.
Any help would be awesome!
Thanks
Ed
| inputlookup dojo_dev | search memid = $memid_token$ | eval skills = "netq bmc ehlth netdoc hpnnm splunk trident aternity ngenius sniffer airwave vidconf brocade rivrbd clrpass dns dhcp cisco ciscoworks bna asafwalls paltoaltofwalls xnet certadmin bluecat ldbalf5 webservx150 raisedflrserv" | eval levels = "None White Orange Blue Red Black" | makemv skills | makemv levels | mvexpand skills | mvexpand levels | fields skills, levels, memid
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am going just by your subject line; do this:
| inputlookup dojo_dev memid = $memid_token$ | stats values(*) AS *
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am going just by your subject line; do this:
| inputlookup dojo_dev memid = $memid_token$ | stats values(*) AS *
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
using that template, here is what I did and got what I was looking for 🙂
| inputlookup dojo_dev | search memid = $memid_token$ | fields - memfn - memln - mgr - memid
Now one last twist, can I split the table up based on width of panel
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You definitely do not need the | search (which I deleted).
If you are asking about a way to prevent wide tables from adding a horizontal scrollbar, I don't know of any way to "paginate" or otherwise prevent a scrollbar.
Don't forget to "Accept" the answer to close the question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is the expected output? If you don't want "None" for levels, what is the criteria to assign levels to skills?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the levels are already assigned when the user is added to the kvstore. So all I need it to do is search for a userid and spit out the skills and the level for that user. Example:
memid = u123
skills levels memid (only here to compare)
brocade White U123
asafirewalls Blue U123
...
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
