Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How do I create dependent dropdowns/filters?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I create dependent dropdowns/filters?
I have 3 filters for servers like this: (the tokens from these filters are used in the query)
Server1 : Bridge_API, Bridge_UAT, Bridge_UAT_API
Server2: PG_API, PG_UAT, PG_UAT_API
Server 3: PA_API, PA_UAT, PA_UAT_API
When I select a server type from any of the dropdown for e.g. if I select Bridge_API from Server1 dropdown, the other filters should switch to *_API and query the data. (if I select a server from the Server 2, the corresponding suffix server should be updated)
Similarly for Bridge_UAT others should switch to PG_UAT and PA_UAT.
How can I achieve this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @borolen,
if the value of the second and third dropdown is only one after the first choice, why do you use a dropdown for 2 and 3?
You could put these information in alookup and use it after the first choice.
If instead after the first choice (e.g. server1) you could have more values for dropdown 2 and 3, you have to create a search using the token from dropdown 1, e.g. something like this:
<fieldset submitButton="false">
<input type="dropdown" token="dropdown1">
<label>Dropdown 1</label>
<search>
<query>
index=your_index
| dedup field1
| sort field1
| table field1
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<choice value="*">All</choice>
<prefix>field1="</prefix>
<suffix>"</suffix>
<fieldForLabel>field1</fieldForLabel>
<fieldForValue>field1</fieldForValue>
</input>
<input type="dropdown" token="dropdown2">
<label>Dropdown 2</label>
<search>
<query>
index=your_index field1=$dropdown1$
| dedup field2
| sort field2
| table field2
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<choice value="*">All</choice>
<prefix>field2="</prefix>
<suffix>"</suffix>
<fieldForLabel>field2</fieldForLabel>
<fieldForValue>field2</fieldForValue>
</input>
<input type="dropdown" token="dropdown3">
<label>Dropdown 1</label>
<search>
<query>
index=your_index field1=$dropdown1$ field2=$dropdown2$
| dedup field3
| sort field3
| table field3
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<choice value="*">All</choice>
<prefix>field3="</prefix>
<suffix>"</suffix>
<fieldForLabel>field3</fieldForLabel>
<fieldForValue>field3</fieldForValue>
</input>
</fieldset>Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @gcusello ,
I do not have more values for server 2, server 3. The values are static for dropdowns. I just have to make the others consistent with the suffix of one I have selected.
I don't have different fields like field1, field2 etc. All these are are the same field as sourcetype. Also, I want the update to be bidirectironal ie.e if I select from dropdown 2 it should reflect in the other dropdowns
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @borolen,
as I said, if after the first dropdown choice, you have only one static value for the second and third dropdown, you don't need tu use dropdows, but you can take these values from the search or from a lookup, so your interfase is easier to use (your users have to use only one input!).
Ciao.
Giuseppe
What the End of Support for Splunk Add-on Builder Means for You
Solve, Learn, Repeat: New Puzzle Channel Now Live
Building Reliable Asset and Identity Frameworks in Splunk ES
