Re: How do I create dependent dropdowns/filters?

borolen · ‎07-26-2022

I have 3 filters for servers like this: (the tokens from these filters are used in the query)

Server1 : Bridge_API, Bridge_UAT, Bridge_UAT_API

Server2: PG_API, PG_UAT, PG_UAT_API

Server 3: PA_API, PA_UAT, PA_UAT_API

When I select a server type from any of the dropdown for e.g. if I select Bridge_API from Server1 dropdown, the other filters should switch to *_API and query the data. (if I select a server from the Server 2, the corresponding suffix server should be updated)

Similarly for Bridge_UAT others should switch to PG_UAT and PA_UAT.

How can I achieve this?

gcusello · ‎07-26-2022

Hi @borolen,

if the value of the second and third dropdown is only one after the first choice, why do you use a dropdown for 2 and 3?

You could put these information in alookup and use it after the first choice.

If instead after the first choice (e.g. server1) you could have more values for dropdown 2 and 3, you have to create a search using the token from dropdown 1, e.g. something like this:

  <fieldset submitButton="false">
    <input type="dropdown" token="dropdown1">
      <label>Dropdown 1</label>
      <search>
        <query>
           index=your_index 
           | dedup field1
           | sort field1
           | table field1
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
      <prefix>field1="</prefix>
      <suffix>"</suffix>
      <fieldForLabel>field1</fieldForLabel>
      <fieldForValue>field1</fieldForValue>
    </input>
    <input type="dropdown" token="dropdown2">
      <label>Dropdown 2</label>
      <search>
        <query>
           index=your_index field1=$dropdown1$
           | dedup field2
           | sort field2
           | table field2
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
      <prefix>field2="</prefix>
      <suffix>"</suffix>
      <fieldForLabel>field2</fieldForLabel>
      <fieldForValue>field2</fieldForValue>
    </input>
    <input type="dropdown" token="dropdown3">
      <label>Dropdown 1</label>
      <search>
        <query>
           index=your_index field1=$dropdown1$ field2=$dropdown2$
           | dedup field3
           | sort field3
           | table field3
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
      <prefix>field3="</prefix>
      <suffix>"</suffix>
      <fieldForLabel>field3</fieldForLabel>
      <fieldForValue>field3</fieldForValue>
    </input>
   </fieldset>

Ciao.

Giuseppe

borolen · ‎07-27-2022

Hi @gcusello ,

I do not have more values for server 2, server 3. The values are static for dropdowns. I just have to make the others consistent with the suffix of one I have selected.

I don't have different fields like field1, field2 etc. All these are are the same field as sourcetype. Also, I want the update to be bidirectironal ie.e if I select from dropdown 2 it should reflect in the other dropdowns

gcusello · ‎07-27-2022

Hi @borolen,

as I said, if after the first dropdown choice, you have only one static value for the second and third dropdown, you don't need tu use dropdows, but you can take these values from the search or from a lookup, so your interfase is easier to use (your users have to use only one input!).

Ciao.

Giuseppe

How do I create dependent dropdowns/filters?

form

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation