- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- pre populate multiselect from csv lookup and allow...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pre populate multiselect from csv lookup and allow to select remaining from index query
I have one csv lokup which looks like-
Group numbers
A 1
A 2
A 3
A 4
B 5
B 6
B 7
B 8
From above I am populating dropdown to show distinct Group ..In this case dropdown will show "A" and "B".And next to that I am using multiselect input -which will run from index query to populate numbers multiselect. and as per selection of group it should pre-populate numbers from csv lookup .
For example If I select Group from dropdown as "A" then multiselect should populate numbers "1","2","3","4" and allow user to select any other numbers from spl query- index="abc" |stats count by numbers
will it be possible in splunk.Please help.
Thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Use 2 inputs: a dropdown for Group and a multiselect that uses the token from that to populate Number(s).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI @ips_mandar,
you have to create two dropdown inputs using the first token in the second input's search, in other words, something like this (if numbers is a field both in lookup and index and Group is only a field in lookup):
<form>
<label>test</label>
<description>your description</description>
<fieldset submitButton="false">
<input type="dropdown" token="group">
<label>Group</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>Group</fieldForLabel>
<fieldForValue>Group</fieldForValue>
<search>
<query>| inputlookup my_lookup.csv | dedup Group | sort Group | table Group</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
</search>
<prefix>Group="</prefix>
<suffix>"</suffix>
</input>
<input type="dropdown" token="numbers">
<label>numbers</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>numbers</fieldForLabel>
<fieldForValue>numbers</fieldForValue>
<search>
<query>index=yout_index | lookup my_lookup.csv numbers OUTPUT Group | search $group$ | dedup numbers | sort numbers | table numbers</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
</search>
<prefix>numbers="</prefix>
<suffix>"</suffix>
</input>
<input type="time" token="Time">
<label>Time</label>
<default>
<earliest>-1d@d</earliest>
<latest>@d</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<title>your title</title>
<event>
<search>
<query>index=your_index $numbers$</query>
<earliest>$Time.earliest$</earliest>
<latest>$Time.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="list.drilldown">none</option>
<option name="list.wrap">1</option>
<option name="maxLines">5</option>
<option name="raw.drilldown">full</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">0</option>
<option name="table.drilldown">all</option>
<option name="table.sortDirection">asc</option>
<option name="table.wrap">1</option>
<option name="type">list</option>
</event>
</panel>
</row>
</form>
Ciao.
Giuseppe
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
