Hello guys,
I'm pretty new to Splunk and I'd like to see if there is a way in which I could create a query that would dynamically populate the necessary table columns based on an initial search value passed in from a drop down input.
For example, let's say my data contains multiple entries based on protocol, and I wish to display the results in a table. If the protocol is SFTP, I only want columns pertaining to that protocol. I have about 5-10 unique protocols, and unique column requirements for each. I was attempting to build a search string to store the search I want based on a case statement, but that may not be possible.
Something along these lines is what I want to achieve. The protocol will be passed dynamically from a drop down input, and I understand how to pass that value.
search protocol = "SFTP"
|eval searchString = case(
protocol == "SFTP", "remoteUserID=MyUserId, RemotePort=MyPort",
protocol == "HTTPS", "externalURL=myURL, SSLCert=MyCert", 1=1, "Not Found"
)
| search searchString
I also was looking into directly modifying the XML based on an article I found in regards to displaying columns dynamically in Splunk (not enough karma points to post links), which would work if I could have a unique table list. Maybe there is another way where I could call different queries in my panel based on the drop down value selected?
Thanks!!