Solved: How to populate a drop-down list from a search?

Federica_92 · ‎03-02-2015

Hi everyone,

I'm trying with the splunk framework to take results from a search and show them on a drop-down menu. I have two examples, but both of them don't work and produce the same errors. I have tested the search in the Search and Reporting App and they produce a single result for each event.
The error is: "Duplicate labels causing conflict"

example 1:
My code is very simple:
This is what there is in the block section:

   {% dropdown id="drop-list1" managerid="mysearch-tree-exec-d"  default=" "  value="$path$"|token_safe %}

And this is the code in the js section:

  new SearchManager_tree_e_d({
                    id: "mysearch-tree-exec-d",
                    search:("host=path sourcetype=__singleline source=http-stream earliest=-10m")
            });

example 2:

{% dropdown id="drop-list2" managerid="mysearch-log"  default=" "  value="$sourcename$"|token_safe %}

 new SearchManager({
                    id: "mysearch-log",
                    search: "index=main source=* | dedup source | fields source"
                }); take all the different source

please, could someone help me?

lquinn · ‎03-02-2015

Try this:

{dropdown id="drop-list2" managerid="mysearch-log" default="" labelField="source" valueField="source" value="$sourcename$"|token_safe %}

Specifying the value and label field tells Splunk which field you want to appear in your dropdown.

View solution in original post

lquinn · ‎03-02-2015

Try this:

{dropdown id="drop-list2" managerid="mysearch-log" default="" labelField="source" valueField="source" value="$sourcename$"|token_safe %}

Specifying the value and label field tells Splunk which field you want to appear in your dropdown.

Federica_92 · ‎03-02-2015

Thank you, in my first case works, in my second one not:

  {% dropdown id="drop-list2" managerid="mysearch-tree-exec-d"  default=" " labelField="source" valueField="source" value="$path$"|token_safe %}

any ideas?

Federica_92 · ‎03-02-2015

search:("host=path sourcetype=__singleline source=http-stream earliest=-10m | fields path") all my host, so 
{% dropdown id="drop-list2" managerid="mysearch-tree-exec-d"  default=" " labelField="host" valueField="host" value="$path$"|token_safe %}

But doesn't work

lquinn · ‎03-02-2015

Are you sure you are looking for host? Havn't you specified host to be path at the beginning of your search? If you run this search can you see all the values that you want to be displayed? What field name are they under?

Federica_92 · ‎03-02-2015

Ok, I think I got the problem, I'm going to try to extract the field path with the rex epression, Now I try

Federica_92 · ‎03-02-2015

As well I have tried with labelField="path"

lquinn · ‎03-02-2015

Which field are you trying to display for this one?

How to populate a drop-down list from a search?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

How to populate a drop-down list from a search?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases