I have 3 dynamic dropdowns in my panel. I need to do my search on them but only the first dropdown is populated. If I use the search from them individually, I can get results. What is my mistake?
Sorry for the newbie question!
<form>
<label>Main</label>
<fieldset submitButton="false" autoRun="true"></fieldset>
<row>
<panel>
<input type="dropdown" token="source">
<label>Scan Name</label>
<search>
<query>index=discovery_data | dedup "source"</query>
<earliest>@d</earliest>
<latest>now</latest>
</search>
<fieldForLabel>source</fieldForLabel>
<fieldForValue>source</fieldForValue>
<choice value="*">all</choice>
<default>*</default>
</input>
<input type="dropdown" token="in_input_domains">
<label>In Input Domains</label>
<search>
<query>index=discovery_data | dedup "In Input Domain"</query>
<earliest>@d</earliest>
<latest>now</latest>
</search>
<fieldForLabel>in_input_domains</fieldForLabel>
<fieldForValue>in_input_domains</fieldForValue>
<choice value="*">all</choice>
<default>*</default>
</input>
<input type="dropdown" token="in_input_ips">
<label>In Input IP's</label>
<search>
<query>index=discovery_data | dedup "In Input IP Range"</query>
<earliest>@d</earliest>
<latest>now</latest>
</search>
<fieldForLabel>in_input_ips</fieldForLabel>
<fieldForValue>in_input_ips</fieldForValue>
<choice value="*">all</choice>
<default>*</default>
</input>
<table>
<title>Domains found when</title>
<search>
<query>index="discovery_data" source=$source$ "In Input Domain"=$in_input_domains$ "In Input IP Range"=$in_input_ips$ | dedup "Host Display" | table "Host Display" "Time Found" "source"</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
</form>
@jtotzek,
In the second and third dropdown boxes, you have the fields "In Input Domain" and "In Input IP Range" respectively which are not matching with the respective fieldForValue
and fieldForLabel
. These properties look for the fields from the search itself. Try renaming this fields in the search and use them. Also index=discovery_data |stats countby "your fieldname"
might be faster than dedup
. Just give it a try
Example :
<input type="dropdown" token="in_input_ips">
<label>In Input IP's</label>
<search>
<query>index=discovery_data | stats count by "In Input IP Range"|rename "In Input IP Range" as in_input_ips </query>
<earliest>@d</earliest>
<latest>now</latest>
</search>
<fieldForLabel>in_input_ips</fieldForLabel>
<fieldForValue>in_input_ips</fieldForValue>
<choice value="*">all</choice>
<default>*</default>
</input>
@jtotzek,
In the second and third dropdown boxes, you have the fields "In Input Domain" and "In Input IP Range" respectively which are not matching with the respective fieldForValue
and fieldForLabel
. These properties look for the fields from the search itself. Try renaming this fields in the search and use them. Also index=discovery_data |stats countby "your fieldname"
might be faster than dedup
. Just give it a try
Example :
<input type="dropdown" token="in_input_ips">
<label>In Input IP's</label>
<search>
<query>index=discovery_data | stats count by "In Input IP Range"|rename "In Input IP Range" as in_input_ips </query>
<earliest>@d</earliest>
<latest>now</latest>
</search>
<fieldForLabel>in_input_ips</fieldForLabel>
<fieldForValue>in_input_ips</fieldForValue>
<choice value="*">all</choice>
<default>*</default>
</input>
thanks a lot, didn't recognized that it needs to match the query!
thanks a lot, didn't recognized that it needs to match the query!
@jtotzek, you are welcome. Please accept as answer if you don't have further question to close the thread
@jtotzek, do you have any other question on this ? If not, kindly accept as answer.