Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Using a search base with inputlookup, how do I...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rharrisssi
Path Finder
11-04-2015
11:46 AM
I've basically created a base search and am using it with a lookup. The results of the base search are all my regions. However, I want to have an "All" option in the drop-down without updating the lookup table as it's generated hourly.
<search id="regions">
<query>
<![CDATA[
| inputlookup abc_sd_ipam
| stats by abc_region
]]>
</query>
</search>
[...]
<input type="dropdown" token="abc_region" searchWhenChanged="true">
<label>Region</label>
<selectFirstChoice>true</selectFirstChoice>
<allowCustomValues>false</allowCustomValues>
<search base="regions"><query>| table abc_region</query></search>
<fieldForLabel>abc_region</fieldForLabel>
<fieldForValue>abc_region</fieldForValue>
</input>
Can someone assist me with adding a static value to this data set so that "All" is the first value in the drop-down?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rharrisssi
Path Finder
11-04-2015
12:43 PM
This turned out to be the solution:
<input type="dropdown" token="abc_region" searchWhenChanged="true">
<label>Region</label>
<selectFirstChoice>false</selectFirstChoice>
<allowCustomValues>true</allowCustomValues>
<choice value="*">All</choice>
<search base="regions">
<query>| table abc_region</query>
</search>
<fieldForLabel>abc_region</fieldForLabel>
<fieldForValue>abc_region</fieldForValue>
</input>
Notice:
<choice value="*">All</choice>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rharrisssi
Path Finder
11-04-2015
12:43 PM
This turned out to be the solution:
<input type="dropdown" token="abc_region" searchWhenChanged="true">
<label>Region</label>
<selectFirstChoice>false</selectFirstChoice>
<allowCustomValues>true</allowCustomValues>
<choice value="*">All</choice>
<search base="regions">
<query>| table abc_region</query>
</search>
<fieldForLabel>abc_region</fieldForLabel>
<fieldForValue>abc_region</fieldForValue>
</input>
Notice:
<choice value="*">All</choice>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
icyfeverr
Path Finder
11-04-2015
12:41 PM
In your search query you can do something like the below:
| inputlookup abc_sd_ipam | stats by abc_region | append [ | stats count | eval count="All" | rename count AS abc_region ]
Want to give credit to https://answers.splunk.com/answers/41525/add-a-row-to-end-of-table.html
Get Updates on the Splunk Community!
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
Tuesday, May 14, 2024 | 11AM PT / 2PM ET
Register to Attend
Join us for this Tech Talk and learn how to ...
.conf24 | Personalize your .conf experience with Learning Paths!
Personalize your .conf24 Experience
Learning paths allow you to level up your skill sets and dive deeper ...
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...
