Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to edit my search to filter and populate an input field only with host names with ABC in the value?

sushmitha_mj
Communicator
‎04-15-2015 07:55 AM

I am trying to populate an input field using the following lines in XML dashboard source 

   <populatingSearch fieldForValue="host" fieldForLabel="host">
    <![CDATA[|metadata type=hosts index=os host="ABC*"]]>
  </populatingSearch>

I am adding host="ABC*" for it to display only host names having ABC, but it is still displaying all the host names. How do I make it display just ABC host names?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎04-15-2015 09:03 AM

Keep it simple and just filter the output of the metadata command with a search command. 

<populatingSearch fieldForValue="host" fieldForLabel="host">
  <![CDATA[|metadata type=hosts index=os | search host="ABC*"]]>
</populatingSearch>

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎04-15-2015 09:03 AM

Keep it simple and just filter the output of the metadata command with a search command. 

<populatingSearch fieldForValue="host" fieldForLabel="host">
  <![CDATA[|metadata type=hosts index=os | search host="ABC*"]]>
</populatingSearch>
Reply
Solved! Jump to solution

sushmitha_mj
Communicator
‎04-15-2015 09:31 AM

@sideview
Works !! Thanks...

0 Karma
Reply
Solved! Jump to solution

gyslainlatsa
Motivator
‎04-15-2015 09:33 AM

I would like to know if my new proposed answers do not work? thanks

0 Karma
Reply
Solved! Jump to solution

gyslainlatsa
Motivator
‎04-15-2015 08:11 AM

hi sushmitha_mj,
try this

    <populatingSearch fieldForValue="host" fieldForLabel="host">
     <![CDATA[|metadata type=hosts index=os host=* |stats count (host) | where like(host,"ABC%")]]>
   </populatingSearch>

If this does not work, try to use stats count by host as this:

 <populatingSearch fieldForValue="host" fieldForLabel="host">
         <![CDATA[|metadata type=hosts index=os host=* |stats count by host  | where like(host,"ABC%")]]>
       </populatingSearch>
Reply
Solved! Jump to solution

sushmitha_mj
Communicator
‎04-15-2015 08:52 AM

@gyslainlatsa
Does not work. It does not list the hosts at all. It just lists "all" and when I select that,
all hosts are displayed.

0 Karma
Reply
Solved! Jump to solution

gyslainlatsa
Motivator
‎04-15-2015 08:55 AM

remove values() and put count() as specified above

0 Karma
Reply
Solved! Jump to solution

sushmitha_mj
Communicator
‎04-15-2015 09:51 AM

@gyslainlatsa
Your second solution also worked!! Thanks...

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...