- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Search based on drop down selection
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Search based on drop down selection
I have 2 drop down (basically nested pulldown modules) and search based on the drop down selected drop down values.
Here is the sample :
<module name="Search" layoutPanel="panel_row2_col1_grp1">
<param name="search">index=costcentersummary source=list_costcenters | dedup costCenter | sort costCenter</param>
<module name="Pulldown">
<param name="name">costCenter</param>
<param name="label">Cost Center:</param>
<param name="template">$name$="$value$"</param>
<param name="searchFieldsToDisplay">
<list>
<param name="label">costCenter</param>
<param name="value">costCenter</param>
</list>
</param>
<param name="staticFieldsToDisplay">
<list>
<param name="value">Select</param>
<param name="label">Select</param>
</list>
<list>
<param name="value">*</param>
<param name="label">All Cost Centers</param>
</list>
</param>
<module name="Search">
<param name="search">index=costcentersummary source=list_costcenters |search $costCenter$ | dedup displayName | sort displayName</param>
<module name="HTML" layoutPanel="panel_row4_col1">
<param name="html">
<![CDATA[<font size="1" color="purple"><b><u>Search String is:</u> <i>$search$</i></b></font>]]>
</param>
</module>
<module name="Pulldown">
<param name="name">userName</param>
<param name="label">Employee:</param>
<param name="template">$name$="$value$"</param>
<param name="staticFieldsToDisplay">
<list>
<param name="value">Select</param>
<param name="label">Select</param>
</list>
<list>
<param name="value">*</param>
<param name="label">All Employees</param>
</list>
</param>
<param name="searchFieldsToDisplay">
<list>
<param name="label">displayName</param>
<param name="value">displayName</param>
</list>
</param>
......
If "All Cost centers" and "All Employees" values are chosen, my search query will be like this. Which works fine btw.
Search String is: index=statsindex sourcetype=statssource userName="*"
However if "a specific cost center" and "All Employees" values are chosen, I am not able to feed in the list of users for the cost center. What is the best way to build a list of userName predicates and construct the query. something like this. Appreciate any inputs.
Get the user list : index=costcentersummary source=list_costcenters |search costCenter="000633" | dedup displayName | sort displayName
index=statsindex sourcetype=statssource userName in ("List of displayName from the above query")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found a way using subsearch.
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
