Hi Renithnair,
Could I possibly ask one further question of you have the time.
I have two tokens in interface which vary depending on chosen drop down box.
Example
$enter_feature_tok$ =CAA
$service_family_tok$=GMM

But I need to use them queries to look up a table by appending these two variables but the lookup uses these values in lowercase.
Text in query is => "lookup tp_gmm_cca_digital_map" . You see gmm and cca.

I wanted to substitute gmm with lower case tokens=> lower($enter_feature_tok$) which has a current value GMM in uppercase by saying lower($service_family_tok$ ) to lowercase it and same for
CAA by saying lower($enter_feature_tok$ ) so it becomes as
tp_lower($service_family_tok$)lower($enter_feature_tok$)_telnet_map
in lookuo query.
The only constants are "tp" and "telnet_map" But it did not work and also tried [ lookup eval tp_gmm_cca_digital_map =lower(tp$service_family$_$enter_feature_tok$_digital_map) ]
if could please assist or suggest,thanks.

@HenryFitzerald,
there is an "Accept" button just below the original answer for accepting and there is "^" button on the left side for upvoting .

In the second question , you mentioned tp_gmm_cca_digital_map and tp_gmm_cca_telnet_map . Which is your lookup in this ? and how do you want to connect digital and telnet?. We can get the token to lower case but would like to know your requirement better.

Hi Renjith ,
Thanks for reply the tp_gmm_cca_digital_map and tp_gmm_cca_telnet_map .
They are just textual replacements I could not use the actual code itself for work reasons. It actually looks like
this XX_gmm_caa_XXXXXXXX "XXXX" values are fixed text I just replaced the XXXs with tp and telenet & digital_map
and actual query looks like => lookup XX_gmm_caa_XXXXXXXX.
The gmm_caa are service_family and tokens in lowercase
The only issue is how to append gmm_caa which is $service_family_tok$=GMM
and $enter_feature_tok=CAA as but in lower case.

There are others queries but in different dashboards
lookup XX_gmm_accts_XXXXXXXX
lookup XX_gmm_regsaver_XXXXXXXX
lookup XX_edh_stmts_XXXXXXXX.

These other queries in "seperate splunk panels" but now there’s two drop down boxes in only one Splunk dashboard & I can capture when the user chooses the "service_family"
and "feature" values but in uppercase in tokens $service_family_tok$ and $enter_feature_tok$
and use this in one generic query in one dashboard.

Attempting to use the values stored in the two tokens to create a generic query
=> lookup XX_$service_family_tok$_$enter_feature_tok$_XXXXXX
but the token are in uppercase and I am unsure how to append this using lower case (lower)
Query => lookup XX_lower($service_family_tok$)_lower($enter_feature_tok$)_XXXXXX
I have tried a few things like lower & “eval” without success.Thanks

@HenryFitzerald,

Try replacing this with your second input and use the lookup as lookup tp_$l_service_family_tok$_$l_enter_feature_tok$_digital_map

    <input type="dropdown" token="enter_feature_tok">
      <label>Second Dropdown</label>
      <fieldForLabel>feature</fieldForLabel>
      <fieldForValue>feature</fieldForValue>
      <search>
        <query>|makeresults|eval feature="$feature_values$"|makemv feature delim=","|mvexpand feature</query>
        <earliest>-1s@s</earliest>
        <latest>now</latest>
      </search>
      <change>
        <eval token="l_service_family_tok">lower($service_family_tok$)</eval>
        <eval token="l_enter_feature_tok">lower($value$)</eval>
      </change>
    </input>

Hi Renjith,
Thanks for response but I need to keep everything in drop down just as it is in uppercase because theres another part of a different query that uses feature_token
as it is in uppercase example GMM and would break that part of the code if I change in drop down change.

I just need to change both tokens to lowercase and append at
a different query which says [lookup XX_service_family_tok_enter_feature_tok_XXXX]

So heres where I have to do the conversion to lower and append/substitute to XX
_ and _XXXX . If I change it in the drop down it would affect code elsewhere. Thanks

@HenryFitzerald,
Thats what we did above. In the second input section, we added these two new tokens. see the l_ in front of them

<eval token="l_service_family_tok">lower($service_family_tok$)</eval>
 <eval token="l_enter_feature_tok">lower($value$)</eval>

Please find below full example :

<form>
  <label>Dropdown Example</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="service_family_tok">
      <label>First Drop Down</label>
      <choice value="GMM">GMM</choice>
      <choice value="EDH">EDH</choice>
      <choice value="PWS">PWS</choice>
      <default>GMM</default>
      <initialValue>GMM</initialValue>
      <change>
        <condition value="EDH">
          <set token="feature_values">STMTS-COUNT,MANAGACCT,INBOX,STMTS,ACCTS2,ACCTS</set>
          <unset token="form.enter_feature_tok"></unset>
        </condition>
        <condition value="GMM">
          <set token="feature_values">CCA,RESAVER</set>
          <unset token="form.enter_feature_tok"></unset>
        </condition>
        <condition value="HWBT">
          <set token="feature_values">PLA</set>
          <unset token="form.enter_feature_tok"></unset>
        </condition>
        <condition value="PWS">
          <set token="feature_values">TP</set>
          <unset token="form.enter_feature_tok"></unset>
        </condition>
      </change>
    </input>
    <input type="dropdown" token="enter_feature_tok">
      <label>Second Dropdown</label>
      <fieldForLabel>feature</fieldForLabel>
      <fieldForValue>feature</fieldForValue>
      <search>
        <query>|makeresults|eval feature="$feature_values$"|makemv feature delim=","|mvexpand feature</query>
        <earliest>-1s@s</earliest>
        <latest>now</latest>
      </search>
      <change>
        <eval token="l_service_family_tok">lower($service_family_tok$)</eval>
        <eval token="l_enter_feature_tok">lower($value$)</eval>
      </change>
    </input>
  </fieldset>
  <row depends="$enter_feature_tok$">
    <panel>
      <title>This html part is just to print the tokens and can be removed</title>
      <html>
       <h2> Here is an example of LOOKUP filename for $service_family_tok$ AND $enter_feature_tok$ </h2>
       <h1> "your base search here" | lookup tp_$l_service_family_tok$_$l_enter_feature_tok$_digital_map "your lookup terms"   </h1>
     </html>
    </panel>
  </row>
</form>

Renjith, Thanks its working and is interpolating well. Could I please ask if there is any Splunk material you could point me out to use for Splunk as you are an expert. I am new and need to get up to speed. Thanks

Probably you can start with

https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html
and then you can go through further training .
http://docs.splunk.com/Documentation is a good source too and obviously https://answers.splunk.com

Many Thanks will start with these.
Rgds
Henry

Hi Henry (@HenryFitzerald),

If you dont have further questions, kindly accept as answer by clicking on the "Accept" button below the answer to close the thread and also for https://answers.splunk.com/answers/697400/partial-string-conversion-to-lower-case.html#answer-696782

Thanks,
Renjith

Good Morning Renjith,
Could I possibly ask your assistance again. Been having
issues with the drop down boxes changing and opened another
post SPLUNK DROP_DOWN BOXES DOES NOT CHANGE CORRECTLY.
Not sure how tro delete posts. But the service
family defaults to GMM does not change when using another
service family. Tried a few thing without success.
All * and searchWhenChanged="true">.
Code is elow but does not paste in from "form tag"

Thanks again

FD TEST -EVENTS Clone
Shows events for FD-APIS.

<input type="time" token="master_time_span">
  <label>Chart time span</label>
  <default>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </default>
</input>
<input type="dropdown" token="service_family_tok">
  <label>Choose Service Family:</label>
  <choice value="GMM">GMM</choice>
  <choice value="HWBT">HWBT</choice>
  <choice value="EDH">EDH</choice>
  <choice value="PWS">PWS</choice>
  <default>GMM</default>
  <initialValue>GMM</initialValue>
  <change>
    <condition value="GMM">
      <set token="feature_values">CCA,CIA,REG</set>
      <unset token="form.enter_feature_tok"></unset>
    </condition>
    <condition value="EDH">
      <set token="feature_values">MANACCS,INBOX,STMT,ACTS</set>
      <unset token="form.enter_feature_tok"></unset>
    </condition>

    <condition value="HWBT">
      <set token="feature_values">PLA</set>
      <unset token="form.enter_feature_tok"></unset>
    </condition>
    <condition value="PWS">
      <set token="feature_values">ALL</set>
      <unset token="form.enter_feature_tok"></unset>
    </condition>
  </change>
</input>
<input type="dropdown" token="enter_feature_tok">
  <label>Choose Feature:</label>
  <fieldForLabel>feature</fieldForLabel>
  <fieldForValue>feature</fieldForValue>
  <search>
    <query>|makeresults|eval feature="$feature_values$"|makemv feature delim=","|mvexpand feature</query>
    <earliest>-1s@s</earliest>
    <latest>now</latest>
  </search>
  <change>
    <eval token="l_service_family_tok">lower($service_family_tok$)</eval>
    <eval token="l_enter_feature_tok">lower($value$)</eval>
  </change>
</input>


<panel>
  <title>This html part is just to print the tokens and can be removed</title>
  <html>
    <h2> Here is an example of LOOKUP filename for $service_family_tok$ AND $enter_feature_tok$ </h2>
    <h1> "your base search here" | lookup fd_$l_service_family_tok$_$l_enter_feature_tok$_microservice_map  "your lookup terms"   </h1>
  </html>
</panel>

Hi Renjith,
Many Thanks for reply. Not quite what required as code provides a HTML response. The two drop downs for service and feature are required so I can retrieve the user chose values using their token values which reflect the users chosen values into a query. Just also updated Service/Family table/
Service_Family

EDH STMTS-COUNT
EDH MANAGACCT
EDH INBOX
EDH STMTS
EDH ACCTS2
EDH ACCTS
GMM CCA
GMM RESAVER
HWBT PLA
PWS TP

So if user could start with feature family EDH and choose STMTS or ACCTS etc for feature and I would have $service_family_tok$ =EDH and $enter_feature_tok$=STMTS and this would be used in the query or could be $service_family_tok$ =GMM and $enter_feature_tok$=CCA
Going through example on youtube dependEnt drop downs but it reads a file for name,country into Splunk which I cant do at moment https://www.youtube.com/watch?v=BJm04grvvf8

@HenryFitzerald,
The html part is only to display the token values, you could remove them.
I thought you have one to one mapping with two drop downs and hence suggested the solution. Its my fault. We need some kind of dynamic searches since there are multiple values involved. However, since you can't have a lookup, I tried a solution with dummy searches and works fine for me. Please see the updated answer and let me know if it works.

Copied here as well.

<form>
  <label>Dropdown Example</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="service_family_tok">
      <label>First Drop Down</label>
      <choice value="GMM">GMM</choice>
      <choice value="HWBT">HWBT</choice>
      <choice value="EDH">EDH</choice>
      <choice value="PWS">PWS</choice>
      <default>GMM</default>
      <initialValue>GMM</initialValue>
      <change>
        <condition value="EDH">
          <set token="feature_values">STMTS-COUNT,MANAGACCT,INBOX,STMTS,ACCTS2,ACCTS</set>
          <unset token="form.enter_feature_tok"></unset>
        </condition>
        <condition value="GMM">
          <set token="feature_values">CCA,RESAVER</set>
          <unset token="form.enter_feature_tok"></unset>          
        </condition>
        <condition value="HWBT">
          <set token="feature_values">PLA</set>
          <unset token="form.enter_feature_tok"></unset>          
        </condition>
        <condition value="PWS">
          <set token="feature_values">TP</set>
          <unset token="form.enter_feature_tok"></unset>          
        </condition>
      </change>
    </input>
    <input type="dropdown" token="enter_feature_tok">
      <label>Second Dropdown</label>
      <fieldForLabel>feature</fieldForLabel>
      <fieldForValue>feature</fieldForValue>
      <search>
        <query>|makeresults|eval feature="$feature_values$"|makemv feature delim=","|mvexpand feature</query>
        <earliest>-1s@s</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <html>
      <h3>Service Family Token : $service_family_tok$ , Feature Token : $enter_feature_tok$</h3>
    </html>
    </panel>
  </row>
</form>

Hi Renjith,
Works fine thanks , I am just about to study the code as to how its done and can use tokens to build queries.
Thanks
Henry

@HenryFitzerald
Glad that it worked for you! If you are happy with the answer, please accept/upvote. If you need any further assistance on this, please feel free to comment. thanks!

Just saw this " please accept/upvote" how so you accept I could not fidn the prompt

@HenryFitzerald,
there is an "Accept" button just below the original answer for accepting and there is "^" button on the left side for upvoting