Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to achieve dynamic dropdown all option?

Aroot002
Path Finder
‎10-24-2022 12:11 PM

So I've searched and searched but can't seem to find an answer to my issue. I need to add an all option to my dynamic dropdown. I have found answers that seem like they should be simple enough. Either add All, * to static or alter the XML code. I've tried both, (I think when I altered the XML code it pretty much caused the dropdown to be the exact same way as it was had I just added the options to the static section) and each time I am getting a "search string cannot be empty" error. Don't know if it matters but I did watch a couple youtube videos, their search used | table fieldname | dedup fieldname at the end, when I did that I got the same issue, but now all the field values are grouped together, so I'm doing | stats count by fieldname at the end

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

johnhuang
Motivator
‎10-24-2022 12:45 PM

This is how I would typically configure it:

johnhua_0-1666640560928.png

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

johnhuang
Motivator
‎10-24-2022 12:45 PM

This is how I would typically configure it:

johnhua_0-1666640560928.png

 

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-24-2022 12:52 PM

Same issue, says that it's ignoring search expansion due to error "search string cannot be empty"

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-24-2022 01:10 PM

Could you click on the magnifying glass to "Open in search" and provide the query?

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-24-2022 01:16 PM

I'm actually working on my other computer, but I did click the glass, I got the same error when the search opened, could this be more of a log issue? I actually swapped it out for another field and did not get the error.

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-24-2022 01:19 PM

I think it's more of a query issue - could you provide a sample of the query when open to a new search?

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-24-2022 01:23 PM

I actually just did a simple search to test it out. index=index_name source_type=windows fieldname=* and that got the error. Also tried with quotation marks. But if I change the fieldname to a different one I don't get that error. I don't have a lot of experience in this so I immediately assumed it was something I am doing.

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-24-2022 01:26 PM

Just to confirm,

You ran:

index=index_name source_type=windows fieldname=*

and got an error "search string cannot be empty"? 

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-24-2022 01:29 PM

Yes, the error is "Ignoring fieldname "value1" for search expansion due to error="search string cannot be empty"

"Ignoring fieldname "value2" for search expansion due to error="search string cannot be empty"

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-24-2022 01:40 PM

If possible, could you provide a screenshot.

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-26-2022 02:34 PM

I'm actually accepting your first response as a solution... essentially your answer was the correct one. My problem was being caused by an underlying issue with the logs I am querying.

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...