Dashboards & Visualizations

How to get a populatingSearch to dynamically populate a drop-down menu?

cjrash1
Engager

All -

I have been trying to implement the findings from a few other posts, but I just cannot get this figured out. I am trying to populate a drop-down based on active DHCP requests. I can get the list of IPs with this search:

index=bro sourcetype=bro_dhcp | sort by src_ip | dedup src_ip | table src_ip

BUT I cannot get it to implement in the drop-down menu.

I have done massive amounts of deleting, and this is what I am left with:

  <label>DNS Requests By IP</label>  
  <fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="inIP">
    <label>Current DHCP Leases: </label>
      <populatingSearch fieldForValue="src_ip" fieldForLabel="src_ip">
        sourcetype=bro_dhcp | fields src_ip | dedup src_ip
      </populatingSearch>
 </input> 
  </fieldset>
</form>

Any help would be amazing.

0 Karma
1 Solution

sundareshr
Legend

Try this

<label>DNS Requests By IP</label>
<fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="inIP">
        <label>Current DHCP Leases: </label>
        <search>
        <query>
           sourcetype=bro_dhcp | fields src_ip | dedup src_ip
        </query>
        </search>
        <fieldForLabel>src_ip</fieldForLabel>
        <fieldForValue>src_ip</fieldForValue>
    </input>
</fieldset>
</form>

View solution in original post

sundareshr
Legend

Try this

<label>DNS Requests By IP</label>
<fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="inIP">
        <label>Current DHCP Leases: </label>
        <search>
        <query>
           sourcetype=bro_dhcp | fields src_ip | dedup src_ip
        </query>
        </search>
        <fieldForLabel>src_ip</fieldForLabel>
        <fieldForValue>src_ip</fieldForValue>
    </input>
</fieldset>
</form>

cjrash1
Engager

Awesome. I only had to make one edit and it worked. Added the index into the search
index=bro sourcetype=bro_dhcp earliest=-7d| fields + src_ip | dedup src_ip | sort by src_ip

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...