Solved: How to populate dropdown input with ids from searc...

vtsguerrero · ‎07-17-2014

Can anyone please help me to populate a Dropdown input with the ids from this this search:
index=main sourcetype=mainperfomance ChannelCode="*"
I need to make a table that auto searches registers within the selected channels...

bwooden · ‎07-17-2014

A quick way would be to populate the drop down from a populatingSearch (below). This example terminates the populating search once 1000 values are retrieved (via the "head 1000" command).

<form>
  <label>populate_dropdown_from_search</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="channel_code">
      <label>Name:</label>
      <populatingSearch fieldForLabel="name" fieldForValue="name">index=main sourcetype=mainperfomance ChannelCode=* | head 1000 | stats count by ChannelCode | fields - count</populatingSearch>
    </input>
  </fieldset>
  <row>
    <panel>
      <event>
        <searchString>index=main sourcetype=mainperfomance ChannelCode=$channel_code$</searchString>
        <earliestTime/>
        <latestTime/>
      </event>
    </panel>
  </row>
</form>

A more robust solution is to define a lookup and then create a scheduled saved search that updates that lookup file. That file is updated by a search similar to the populating search. The lookup can then be used to populate the dropdown box quickly. Using a search that appends the lookup with new values makes the list more robust over time:

index=main sourcetype=mainperfomance ChannelCode=* 
| inputlookup append=t channel_codes
| stats count by ChannelCode
| fields - count
| outputlookup channel_codes

...then you would modify the dashboard to load the results from that looup file:

  <populatingSearch fieldForLabel="name" fieldForValue="name">| inputlookup channel_codes</populatingSearch>

View solution in original post

ThomasControlw1 · ‎05-10-2017

thanks for this soulution, works perfekt

bwooden · ‎07-17-2014

A quick way would be to populate the drop down from a populatingSearch (below). This example terminates the populating search once 1000 values are retrieved (via the "head 1000" command).

<form>
  <label>populate_dropdown_from_search</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="channel_code">
      <label>Name:</label>
      <populatingSearch fieldForLabel="name" fieldForValue="name">index=main sourcetype=mainperfomance ChannelCode=* | head 1000 | stats count by ChannelCode | fields - count</populatingSearch>
    </input>
  </fieldset>
  <row>
    <panel>
      <event>
        <searchString>index=main sourcetype=mainperfomance ChannelCode=$channel_code$</searchString>
        <earliestTime/>
        <latestTime/>
      </event>
    </panel>
  </row>
</form>

A more robust solution is to define a lookup and then create a scheduled saved search that updates that lookup file. That file is updated by a search similar to the populating search. The lookup can then be used to populate the dropdown box quickly. Using a search that appends the lookup with new values makes the list more robust over time:

index=main sourcetype=mainperfomance ChannelCode=* 
| inputlookup append=t channel_codes
| stats count by ChannelCode
| fields - count
| outputlookup channel_codes

...then you would modify the dashboard to load the results from that looup file:

  <populatingSearch fieldForLabel="name" fieldForValue="name">| inputlookup channel_codes</populatingSearch>

bwooden · ‎07-17-2014

If you're using latest version of Splunk, much of the work (creating the form, adding the dropdown, adding a populating search, etc) can be done via the UI's dashboard editor. Additionally, this app has many great Simple XML dashboard examples: http://apps.splunk.com/app/1603/

How to populate dropdown input with ids from search?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor